Update to 2.12 and problem with schema migration

Icinga Web
1

Hi all!

I’ve a problem with schema migration (Settings->System-Migration) after update to 2.12. On a host with MariaDB on a other host with connection over TLS I get these errors:

SQLSTATE[HY000] [1045] Access denied for user 'icingaweb2'@'myhost' (using password: YES)

#0 /usr/share/icingaweb2/modules/setup/library/Setup/Utils/DbTool.php(353): PDO->__construct()
#1 /usr/share/icingaweb2/modules/setup/library/Setup/Utils/DbTool.php(231): Icinga\Module\Setup\Utils\DbTool->pdoConnect()
#2 /usr/share/icingaweb2/modules/setup/library/Setup/Utils/DbTool.php(166): Icinga\Module\Setup\Utils\DbTool->connect()
#3 /usr/share/php/Icinga/Application/MigrationManager.php(336): Icinga\Module\Setup\Utils\DbTool->connectToDb()
#4 /usr/share/php/Icinga/Application/MigrationManager.php(228): Icinga\Application\MigrationManager->checkRequiredPrivileges()
#5 /usr/share/icingaweb2/application/controllers/MigrationsController.php(58): Icinga\Application\MigrationManager->validateDatabasePrivileges()
#6 /usr/share/icinga-php/vendor/vendor/shardj/zf1-future/library/Zend/Controller/Action.php(516): Icinga\Controllers\MigrationsController->indexAction()
#7 /usr/share/php/Icinga/Web/Controller/Dispatcher.php(76): Zend_Controller_Action->dispatch()
#8 /usr/share/icinga-php/vendor/vendor/shardj/zf1-future/library/Zend/Controller/Front.php(954): Icinga\Web\Controller\Dispatcher->dispatch()
#9 /usr/share/php/Icinga/Application/Web.php(294): Zend_Controller_Front->dispatch()
#10 /usr/share/php/Icinga/Application/webrouter.php(105): Icinga\Application\Web->dispatch()
#11 /usr/share/icingaweb2/public/index.php(4): require_once(String)
#12 {main}

In MariaDB log I see ‘Access Denied’.

The test connect to the db does work correctly (Settings->Configuration->Application->Ressources).

On an other host with a local MariaDB without TLS the schema migration has worked without problems after update to 2.12.

The grants are on both hosts the same:
with MariaDB on other Host and TLS:
±------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for icingaweb2@myhost |
±------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON . TO icingaweb2@myhost IDENTIFIED BY PASSWORD '********************’ REQUIRE SSL |
| GRANT ALL PRIVILEGES ON icingaweb2. TO icingaweb2@myhost |
±------------------------------------------------------------------------------------------------------------------------------------------------+

With MariaDB on localhost and without TLS
±------------------------------------------------------------------------------------------------------------------+
| Grants for icingaweb2@localhost |
±------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON . TO icingaweb2@localhost IDENTIFIED BY PASSWORD '********************’ |
| GRANT ALL PRIVILEGES ON icingaweb2. TO icingaweb2@localhost |
±------------------------------------------------------------------------------------------------------------------+

What can be the problem?

  • Icinga Web 2 version: 2.12.0
  • Used modules and their versions (System - About)
  • director 1.10.2
  • doc 2.12.0
  • fileshipper 1.2.0
  • incubator 0.20.0
  • monitoring 2.12.0
  • Web browser used - Edge and Firefox
  • Icinga 2 version used (icinga2 --version): r2.14.0-1
  • PHP version used (php --version): 8.0.27
  • Server operating system and version: Red Hat Enterprise Linux Release 8.8
2

Hi !
Could you try to use the following Grants for the icingaweb2 DB User

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `icingaweb2_database`.* TO `icingaweb2`@`myhost`;                                                             
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, EXECUTE ON `icingaweb2_database`.* TO `icingaweb2`@`myhost`;                           
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW ON `icingaweb2_database`.`icingaweb_group_membership` TO `icingaweb2`@`myhost`; 
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW ON `icingaweb2_database`.`icingaweb_rememberme` TO `icingaweb2`@`myhost`;       
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW ON `icingaweb2_database`.`icingaweb_user` TO `icingaweb2`@`myhost`;             
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW ON `icingaweb2_database`.`icingaweb_group` TO `icingaweb2`@`myhost`;            
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW ON `icingaweb2_database`.`icingaweb_user_preference` TO `icingaweb2`@`myhost`;  
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW ON `icingaweb2_database`.`icingaweb_schema` TO `icingaweb2`@`myhost`;

Regards

David

3

no, it doesnt help… same error

4

I also have been seeing this nag since I upgraded to 2.12. icingaweb2 still works fine, but it shows a warning about the migration having failed. The db user clearly has the necessary privileges on the db, so I think the scripts that check for this are not getting expected results from mariadb 10.5.21, which is what debian 11 (bullseye) installs for mysql. I resolved the problem by importing the schema update from /usr/share/icingaweb2/schema/mysql.schema.sql manually.

The new schema seems to be for icingaweb2 users, groups and group memberships, and user preferences, so not really a major impact on functionality. I suspect this is for future features of the application.

5

oh cool…

can you describe step by step how do you made the schema update? Would a simple import do the work? e.g.:

mysql -u root -p icingaweb2 < /usr/share/icingaweb2/schema/mysql.schema.sql

6

Ach there are schema diff files in mysql-upgrade folder for each version… That was the answer :slight_smile:

1 Like