Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Fri Sep 21, 2018 7:35 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: Can spine initiate ssl connection to mysql server?
PostPosted: Tue Aug 07, 2018 4:13 am 
Offline

Joined: Mon Apr 06, 2015 7:01 am
Posts: 18
We are planning to move cacti mysql database to mysql farm and farm receives ssl mysql connections only.
I've checked spine documentation and spine.conf file and did not find any ssl related settings there.
Default php-poller to work we had to set $database_ssl to TRUE in db.php and specify $flags[PDO::MYSQL_ATTR_SSL_CA] in database.php.
But what about spine?


Top
 Profile  
 
 Post subject: Re: Can spine initiate ssl connection to mysql server?
PostPosted: Thu Aug 09, 2018 2:44 am 
Offline

Joined: Mon Apr 06, 2015 7:01 am
Posts: 18
I tried to set mysql client ssl-ca settings (/etc/my.cnf*), tried to recompile spine then, but still it can not connect to MariaDB server which requires ssl-connection:
2018/08/08 13:31:04 - SPINE: Poller[1] FATAL: Connection Failed, Error:'1045', Message:'Access denied for user 'cactiuser'@'IP' (using password: YES)' (Spine init)

Cacti (spine) developers, please respond.
If it's not possible we have to think about different solution.


Top
 Profile  
 
 Post subject: Re: Can spine initiate ssl connection to mysql server?
PostPosted: Thu Aug 09, 2018 6:49 am 
Offline
Cacti Guru User

Joined: Sun Aug 27, 2017 12:05 am
Posts: 1435
I'll be honest, I think so, but I'm not 100% sure. I'll have to have a look tonight to check.

_________________
Cacti Resources:
Cacti Website
Cacti Issues
Cacti Releases

My resources:
How to submit Pull Requests
Development Wiki and How To's
Updated NetSNMP Memory template for Cacti 1.x
Cisco SFP template for Cacti 0.8.8


Top
 Profile  
 
 Post subject: Re: Can spine initiate ssl connection to mysql server?
PostPosted: Fri Aug 10, 2018 4:22 am 
Offline
Cacti Guru User

Joined: Sun Aug 27, 2017 12:05 am
Posts: 1435
So it turns out that the 1.x branch does not explicitly use SSL as none of the SSL options are set, only the following ones are:

MYSQL_OPT_READ_TIMEOUT
MYSQL_OPT_WRITE_TIMEOUT
MYSQL_OPT_CONNECT_TIMEOUT
MYSQL_OPT_RECONNECT
MYSQL_OPT_RETRY_COUNT

I think this is an option worth adding for 1.2 so I'm going to be adding this. If you wish to back port the changes to your specific spine version, it shouldn't be too hard to do.

_________________
Cacti Resources:
Cacti Website
Cacti Issues
Cacti Releases

My resources:
How to submit Pull Requests
Development Wiki and How To's
Updated NetSNMP Memory template for Cacti 1.x
Cisco SFP template for Cacti 0.8.8


Top
 Profile  
 
 Post subject: Re: Can spine initiate ssl connection to mysql server?
PostPosted: Fri Aug 10, 2018 6:23 am 
Offline
Cacti Guru User

Joined: Sun Aug 27, 2017 12:05 am
Posts: 1435
I've created a change request which you can following:
https://github.com/Cacti/spine/issues/64
https://github.com/Cacti/spine/pull/65

_________________
Cacti Resources:
Cacti Website
Cacti Issues
Cacti Releases

My resources:
How to submit Pull Requests
Development Wiki and How To's
Updated NetSNMP Memory template for Cacti 1.x
Cisco SFP template for Cacti 0.8.8


Top
 Profile  
 
 Post subject: Re: Can spine initiate ssl connection to mysql server?
PostPosted: Fri Aug 10, 2018 6:41 am 
Offline

Joined: Mon Apr 06, 2015 7:01 am
Posts: 18
netniV wrote:
I've created a change request which you can following:
https://github.com/Cacti/spine/issues/64
https://github.com/Cacti/spine/pull/65

Thanks netniV! I'll follow change request you've created.


Top
 Profile  
 
 Post subject: Re: Can spine initiate ssl connection to mysql server?
PostPosted: Sun Aug 12, 2018 8:58 am 
Offline
Cacti Guru User

Joined: Sun Aug 27, 2017 12:05 am
Posts: 1435
It's been merged into develop now. Spine develop is effectively pre-release Spine 1.2 so you should only use it with the Cacti develop branch at the moment. If someone needed SSL in 1.1.x versions, the changes made could be replicated back into the 1.1.38 release easily enough by following the commits made.

_________________
Cacti Resources:
Cacti Website
Cacti Issues
Cacti Releases

My resources:
How to submit Pull Requests
Development Wiki and How To's
Updated NetSNMP Memory template for Cacti 1.x
Cisco SFP template for Cacti 0.8.8


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group