Not sure what I’m missing here. I’ve set up two Icinga masters in an HA pair in prod and didn’t have this issue.
I’m currently trying to set up a test master (single master needed only - for basic change testing). When I get to the step to do the web setup, I get to the point where it asks me for authentication backend information. I like to set up local first as a break-glass option and use LDAP later as well if needed or wanted.
When setting up local auth via mariadb (as I did on prod masters), I’m running into an issue where it’s telling me the user can’t create the necessary schema (I’m guessing). I’ve created the DB, logged into it using the user I’m specifying and tested creating a table there (dropped afterward) and it works. Also tried using root creds.
Anyone ever see this issue?
icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: r2.14.2-1)
Copyright (c) 2012-2024 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
System information:
Platform: Debian GNU/Linux
Platform version: 12 (bookworm)
Kernel: Linux
Kernel version: 6.1.0-18-amd64
Architecture: x86_64
Build information:
Compiler: GNU 12.2.0
Build host: runner-hh8q3bz2-project-575-concurrent-0
OpenSSL version: OpenSSL 3.0.11 19 Sep 2023
Application information:
General paths:
Config directory: /etc/icinga2
Data directory: /var/lib/icinga2
Log directory: /var/log/icinga2
Cache directory: /var/cache/icinga2
Spool directory: /var/spool/icinga2
Run directory: /run/icinga2
Old paths (deprecated):
Installation root: /usr
Sysconf directory: /etc
Run directory (base): /run
Local state directory: /var
Internal paths:
Package data directory: /usr/share/icinga2
State path: /var/lib/icinga2/icinga2.state
Modified attributes path: /var/lib/icinga2/modified-attributes.conf
Objects path: /var/cache/icinga2/icinga2.debug
Vars path: /var/cache/icinga2/icinga2.vars
PID path: /run/icinga2/icinga2.pid
php --version
PHP 8.2.7 (cli) (built: Jun 9 2023 19:37:27) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.7, Copyright (c) Zend Technologies
with Zend OPcache v8.2.7, Copyright (c), by Zend Technologies
Guessing here, but I would assume the provided credentials do really not work
The problem MIGHT be, that users in mysql/mariadb are often defined as username@host/ip and therefore you might try to login as a different user depending on whether you use localhost/127.0.0.1 or the “public” address of the machine.
also, is there really a database user called “root” or did you just try the root account of the linux machine?
Please add an example here on how specifically you tried (succesfully) to login into the database on the CLI
EDIT: As a note, the icingadbweb_test user host is localhost as I’ve got the authentication DB installed locally instead of on my DB server.
EDIT 2: Also tried exporting DB schema from production and importing on this test box, still not working.
Thanks for the input Lorenz! Here is what you asked for:
# mariadb -u icingadbweb_test -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 37
Server version: 10.11.6-MariaDB-0+deb12u1 Debian 12
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| icingadbweb_test |
| information_schema |
+--------------------+
2 rows in set (0.002 sec)
use icingadbweb_test;
Database changed
MariaDB [icingadbweb_test]> create table test_table(a int);
Query OK, 0 rows affected (0.009 sec)
MariaDB [icingadbweb_test]> show tables;
+----------------------------+
| Tables_in_icingadbweb_test |
+----------------------------+
| test_table |
+----------------------------+
1 row in set (0.001 sec)
MariaDB [icingadbweb_test]> exit;
Bye
# mariadb -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 10.11.6-MariaDB-0+deb12u1 Debian 12
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> select user, host from mysql.user;
+------------------+-----------+
| User | Host |
+------------------+-----------+
| icingadbweb_test | localhost |
| mariadb.sys | localhost |
| mysql | localhost |
| root | localhost |
+------------------+-----------+
4 rows in set (0.003 sec)
MariaDB [(none)]> show grants for icingadbweb_test@localhost;
+-------------------------------------------------------------------------------------------------------------------------+
| Grants for icingadbweb_test@localhost |
+-------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `icingadbweb_test`@`localhost` IDENTIFIED BY PASSWORD 'password_hash' |
| GRANT ALL PRIVILEGES ON `icingadbweb_test`.* TO `icingadbweb_test`@`localhost` |
+-------------------------------------------------------------------------------------------------------------------------+
No --hostname flag, but I did run mariadb -u icingadbweb_test -p --host localhost and it worked as expected. Yes, this is the same user I tried in the web interface.
# mariadb -u icingadbweb_test -p --host localhost
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 99
Server version: 10.11.6-MariaDB-0+deb12u1 Debian 12
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| icingadbweb_test |
| information_schema |
+--------------------+
2 rows in set (0.001 sec)
MariaDB [(none)]> use icingadbweb_test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [icingadbweb_test]> show tables;
+----------------------------+
| Tables_in_icingadbweb_test |
+----------------------------+
| icingaweb_group |
| icingaweb_group_membership |
| icingaweb_rememberme |
| icingaweb_schema |
| icingaweb_user |
| icingaweb_user_preference |
+----------------------------+
6 rows in set (0.001 sec)
MariaDB [icingadbweb_test]> create table test_table(a int);
Query OK, 0 rows affected (0.008 sec)
MariaDB [icingadbweb_test]> show tables;
+----------------------------+
| Tables_in_icingadbweb_test |
+----------------------------+
| icingaweb_group |
| icingaweb_group_membership |
| icingaweb_rememberme |
| icingaweb_schema |
| icingaweb_user |
| icingaweb_user_preference |
| test_table |
+----------------------------+
7 rows in set (0.001 sec)
MariaDB [icingadbweb_test]> drop table test_table;
Query OK, 0 rows affected (0.005 sec)
Hey @lorenz - any ideas here? I even rebuilt a server just to run into the same issue. Not sure what’s happening as this did not happen with either of the production instances I’ve stood up that are currently working with the same exact configuration.
Figured this out - I’ll be putting a bug report in on the icingaweb2 github. Changing the DB name to “icingaweb2” fixed this. Appears the icingaweb2 application doesn’t play well with DB names that have an underscore in the name, although it’s permitted in MariaDB/MySQL syntax (provided the DB name doesn’t BEGIN with an underscore).
