IcingaWeb RHEL last step failure (authorisation, write, access, group,..)

Failed to set up Icinga Web 2 successfully :slight_smile:

Hello,
At the last step of the Icinga Web 2 setup, there appears to be an access / write restriction.
It seems to be a user / group privilege problem?

Here is the last screen message, which blocks completing the setup:
Thanks for the help.


Authentication configuration has been successfully written to: /etc/icingaweb2/authentication.ini
Account "icingadmin" has been successfully defined as initial administrator.

User Group Backend configuration has been successfully written to: /etc/icingaweb2/groups.ini
Unable to create user group "Administrators". An error occured:
ERROR: Zend_Db_Adapter_Exception in /usr/share/icinga-php/vendor/vendor/shardj/zf1-future/library/Zend/Db/Adapter/Pdo/Abstract.php:171 with message: SQLSTATE[HY000] [1044] Access denied for user 'icingadb'@'localhost' to database 'icingadb-web'

Resource configuration could not be written to: /etc/icingaweb2/resources.ini. An error occured:
ERROR: ErrorException in /usr/share/php/Icinga/File/Ini/IniWriter.php:99 with message: file_put_contents(/etc/icingaweb2/resources.ini): Failed to open stream: Permission denied

Resource configuration update failed: /etc/icingaweb2/resources.ini
ERROR: ErrorException in /usr/share/php/Icinga/File/Ini/IniWriter.php:99 with message: file_put_contents(/etc/icingaweb2/resources.ini): Failed to open stream: Permission denied

Module configuration update successful: /etc/icingaweb2/modules/icingab/config.ini

Commandtransport configuration update successful: /etc/icingaweb2/modules/icingadb/commandtransports.ini

Monitoring backend configuration has been successfully written to: /etc/icingaweb2/modules/monitoring/backends.ini
Resource configuration could not be udpated: /etc/icingaweb2/resources.ini. An error occured:
ERROR: ErrorException in /usr/share/php/Icinga/File/Ini/IniWriter.php:99 with message: file_put_contents(/etc/icingaweb2/resources.ini): Failed to open stream: Permission denied

Command transport configuration has been successfully created: /etc/icingaweb2/modules/monitoring/commandtransports.ini

Monitoring security configuration has been successfully created: /etc/icingaweb2/modules/monitoring/config.ini

Module "director" has been successfully enabled.
Module "doc" has been successfully enabled.
Module "icingadb" has been successfully enabled.
Module "incubator" has been successfully enabled.
Module "migrate" has been successfully enabled.
Module "monitoring" has been successfully enabled.
Module "translation" has been successfully enabled.
  • Version used : Last release icinga2
  • Operating System and version : RHEL 9
  • Enabled features (icinga2 feature list)
  • Last Icinga Web 2 version and Director modules
  • Config validation : icinga2 daemon -C

I think your permissions in /etc/icingaweb2 somehow got messed up.
Can you run ls -l /etc/icingaweb2/ ?

I just changed resources.ini (was root:icingaweb2, now apache:icingaweb2) and it seems to resolve part of the final problem.

ls -l /etc/icingaweb2/
total 24
-rw-rw----. 1 apache icingaweb2  57 Dec  4 09:56 authentication.ini
-rw-rw----. 1 apache icingaweb2 223 Dec  4 09:56 config.ini
drwxrws---. 2 root   icingaweb2 118 Nov 29 15:47 enabledModules
-rw-rw----. 1 apache icingaweb2  57 Dec  4 09:56 groups.ini
drwxrws---. 4 root   icingaweb2  40 Nov 29 15:47 modules
-rw-r--r--. 1 apache icingaweb2 447 Dec  4 09:56 resources.ini
-rw-rw----. 1 apache icingaweb2  82 Dec  4 09:56 roles.ini
-rw-rw----. 1 root   icingaweb2  17 Nov 29 10:55 setup.token

Now the remaining error is:

General configuration has been successfully written to: /etc/icingaweb2/config.ini

Authentication configuration has been successfully written to: /etc/icingaweb2/authentication.ini
Account "icingadmin" has been successfully defined as initial administrator.

User Group Backend configuration has been successfully written to: /etc/icingaweb2/groups.ini
Unable to create user group "Administrators". An error occured:
ERROR: Zend_Db_Adapter_Exception in /usr/share/icinga-php/vendor/vendor/shardj/zf1-future/library/Zend/Db/Adapter/Pdo/Abstract.php:171 with message: SQLSTATE[HY000] [1044] Access denied for user 'icingadb'@'localhost' to database 'icingadb-web'

Resource configuration has been successfully written to: /etc/icingaweb2/resources.ini

Resource configuration update successful: /etc/icingaweb2/resources.ini

Module configuration update successful: /etc/icingaweb2/modules/icingab/config.ini

Commandtransport configuration update successful: /etc/icingaweb2/modules/icingadb/commandtransports.ini

Monitoring backend configuration has been successfully written to: /etc/icingaweb2/modules/monitoring/backends.ini
Resource configuration has been successfully updated: /etc/icingaweb2/resources.ini

Command transport configuration has been successfully created: /etc/icingaweb2/modules/monitoring/commandtransports.ini

Monitoring security configuration has been successfully created: /etc/icingaweb2/modules/monitoring/config.ini

Module "director" has been successfully enabled.
Module "doc" has been successfully enabled.
Module "icingadb" has been successfully enabled.
Module "incubator" has been successfully enabled.
Module "migrate" has been successfully enabled.
Module "monitoring" has been successfully enabled.
Module "translation" has been successfully enabled.

Also, the status of the db perhaps reflects the issue:

systemctl status icingadb
× icingadb.service - Icinga DB
     Loaded: loaded (/usr/lib/systemd/system/icingadb.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Wed 2024-12-04 10:00:41 CET; 7min ago
   Duration: 5min 9ms
    Process: 24886 ExecStart=/usr/sbin/icingadb --config /etc/icingadb/config.yml (code=exited, status=1/FAILURE)
   Main PID: 24886 (code=exited, status=1/FAILURE)
        CPU: 1.401s

Dec 04 09:58:23 lmonicp24.lx.finbel.intra icingadb[24886]: redis: Can't connect to Redis. Retrying
Dec 04 09:58:23 lmonicp24.lx.finbel.intra icingadb[24886]: redis: Can't connect to Redis. Retrying
Dec 04 09:58:23 lmonicp24.lx.finbel.intra icingadb[24886]: redis: Reconnected to Redis
Dec 04 09:58:23 lmonicp24.lx.finbel.intra icingadb[24886]: redis: Reconnected to Redis
Dec 04 09:58:41 lmonicp24.lx.finbel.intra icingadb[24886]: heartbeat: Waiting for Icinga heartbeat
Dec 04 09:59:41 lmonicp24.lx.finbel.intra icingadb[24886]: heartbeat: Waiting for Icinga heartbeat
Dec 04 10:00:41 lmonicp24.lx.finbel.intra icingadb[24886]: retry deadline exceeded
                                                           github.com/icinga/icingadb/pkg/icingadb.(*HA).controller
                                                                   github.com/icinga/icingadb/pkg/icingadb/ha.go:163
                                                           runtime.goexit
                                                                   runtime/asm_amd64.s:1695
                                                           HA aborted
                                                           github.com/icinga/icingadb/pkg/icingadb.(*HA).abort.func1
                                                                   github.com/icinga/icingadb/pkg/icingadb/ha.go:131
                                                           sync.(*Once).doSlow
                                                                   sync/once.go:74
                                                           sync.(*Once).Do
                                                                   sync/once.go:65
                                                           github.com/icinga/icingadb/pkg/icingadb.(*HA).abort
                                                                   github.com/icinga/icingadb/pkg/icingadb/ha.go:129
                                                           github.com/icinga/icingadb/pkg/icingadb.(*HA).controller
                                                                   github.com/icinga/icingadb/pkg/icingadb/ha.go:163
                                                           runtime.goexit
                                                                   runtime/asm_amd64.s:1695
                                                           HA exited with an error
                                                           main.run
                                                                   github.com/icinga/icingadb/cmd/icingadb/main.go:335
                                                           main.main
                                                                   github.com/icinga/icingadb/cmd/icingadb/main.go:37
                                                           runtime.main
                                                                   runtime/proc.go:271
                                                           runtime.goexit
                                                                   runtime/asm_amd64.s:1695
Dec 04 10:00:41 lmonicp24.lx.finbel.intra systemd[1]: icingadb.service: Main process exited, code=exited, status=1/FAILURE
Dec 04 10:00:41 lmonicp24.lx.finbel.intra systemd[1]: icingadb.service: Failed with result 'exit-code'.
Dec 04 10:00:41 lmonicp24.lx.finbel.intra systemd[1]: icingadb.service: Consumed 1.401s CPU time.

Also, SELinux is set to permissive from a previous problem.

Thanks for help :slight_smile:
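
An added check, not part of the thread: the listing above shows resources.ini at mode 644 while the other files are 660, and that file is where Icinga Web 2 stores its database credentials. The function below flags files that are accessible to "other", lack group read/write, or sit outside the expected group; the helper name and the demo directory are assumptions made for this example.

```shell
# Added example (not from the thread); audit_icingaweb_conf is a hypothetical helper.

# audit_icingaweb_conf DIR GROUP
# Prints one finding per line as "<reason>: <path>".
audit_icingaweb_conf() {
  dir=$1
  grp=$2
  # Any bit set for "other" lets every local account reach the file.
  find "$dir" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) \
    -exec printf 'world-accessible: %s\n' {} \;
  # Assumption: the web server writes as a member of GROUP, so it needs group rw.
  find "$dir" -type f ! -perm -060 \
    -exec printf 'group lacks rw: %s\n' {} \;
  # Files outside GROUP are not covered by the group permissions at all.
  find "$dir" -type f ! -group "$grp" \
    -exec printf 'wrong group: %s\n' {} \;
}

# Demo on a constructed directory that mirrors two entries of the listing.
demo_audit() {
  d=$(mktemp -d)
  : > "$d/authentication.ini"; chmod 660 "$d/authentication.ini"
  : > "$d/resources.ini";      chmod 644 "$d/resources.ini"
  # Use the numeric gid the files were created with, so the demo does not
  # depend on the local account; find -group accepts a numeric gid.
  gid=$(ls -ln "$d/resources.ini" | awk '{print $4}')
  audit_icingaweb_conf "$d" "$gid"
  rm -rf "$d"
}

# On a real host: audit_icingaweb_conf /etc/icingaweb2 icingaweb2
if [ "$#" -eq 0 ]; then demo_audit; fi
```
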

Great :slight_smile:

Is the right database password in /etc/icingadb/config.yml? Better double-check first :)

Apparently yes, all the previous steps went through… I checked and it seems to be the right one…
Otherwise how / from where / what can I verify… (for me this should be OK)…

What about icingadb-web / icingadb?

[Access denied for user 'icingadb'@'localhost' to database 'icingadb-web']

Here is what's found in mysql (no icingadb-web!), maybe not the problem:

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| director           |
| icinga             |
| icingadb           |
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
7 rows in set (0.00 sec)

[edit]
Also, if this can help (but I don't think it's related; I'm not sure I understand all these dbs, but no pwd for icdb should not restrict access):

cat /etc/icinga2/features-available/icingadb.conf
object IcingaDB "icingadb" {
  //host = "127.0.0.1"
  //port = 6380
  //password = "xxx"
}

Thanks, it was mainly a db name problem (typing mistake between the link and the name of the db)

2 Likes
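
The resolution above, as an added example that is not part of the thread: MySQL answers with error 1044 (access denied) rather than "unknown database" when the account has no privileges on the requested name, so a mistyped dbname looks like a permissions problem. The function below lists every db resource in resources.ini whose dbname is not an existing schema; the section names, the placeholder password and the helper name find_missing_dbs are assumptions, and the sample data is constructed.

```shell
# Added example (not from the thread); find_missing_dbs is a hypothetical helper.
# Constructed resources.ini: section names and passwords are placeholders.
sample_ini() {
cat <<'EOF'
[icingaweb_db]
type = "db"
db = "mysql"
dbname = "icingadb-web"
username = "icingadb"
password = "PLACEHOLDER"

[icingadb]
type = "db"
db = "mysql"
dbname = "icingadb"
EOF
}

# Schema names from the SHOW DATABASES output in the thread, one per line.
sample_schemas() {
  printf '%s\n' director icinga icingadb information_schema mysql performance_schema sys
}

# find_missing_dbs INI_FILE SCHEMA_FILE
# Prints "section<TAB>dbname" for each type="db" section whose dbname is
# not listed in SCHEMA_FILE (which must not be empty).
find_missing_dbs() {
  awk '
    function report() {
      if (type == "db" && dbname != "" && !(dbname in schemas))
        print section "\t" dbname
    }
    NR == FNR { schemas[$0] = 1; next }      # first file: schema names
    /^\[.*\]$/ { report(); section = substr($0, 2, length($0) - 2)
                 type = ""; dbname = ""; next }
    /=/ { key = $0; sub(/[ \t]*=.*/, "", key)
          val = $0; sub(/^[^=]*=[ \t]*"?/, "", val); sub(/"?[ \t]*$/, "", val)
          if (key == "type") type = val
          if (key == "dbname") dbname = val }
    END { report() }
  ' "$2" "$1"
}

# Run against the constructed samples.
demo_missing_dbs() {
  t=$(mktemp -d); sample_ini > "$t/ini"; sample_schemas > "$t/dbs"
  find_missing_dbs "$t/ini" "$t/dbs"; rm -rf "$t"
}
if [ "$#" -eq 0 ]; then demo_missing_dbs; fi
```

On a host, pass /etc/icingaweb2/resources.ini and a file holding the output of `mysql -N -e 'SHOW DATABASES'`.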