0
Answered

Can't set up mysql monitor because of firewall

folioguru 7 years ago updated by Konstantin (Here to help) 7 years ago 8

I have a server that is sitting behind a firewall that protects port 3306.  I installed the agent and Anturis sees the server.  However, when I try to set up mysql server monitor, I can't get past username/password section.  Can't open database due to error 1600.  I would think that the agent would provide some way of access through the firewall, but don't know for sure.  Is there an IP (range) for Anturis that could be used to allow access to this port through the firewall?

Hi,

So I assume you installed agent to the different server than where mysql is located (is it possible to install it on the same server?). 

Do you mean you have a firewall between the server with agent and server with mysql (normally they would be located in the same LAN) ?

I will check what this error means and how exxactly it connects. Meantime you can help me if you answer the above questions.

Thanks!

I installed the agent on the same server as where mysql is located. The server appears  They are on the same machine.  The firewall is between our router and the rest of the world. 


When I click on "Create new component", the server where mysql is running and the agent is installed appears on the "Choose server" list.  The name of the server is displayed, the Linux version and the note "connected".   When I click on "Next", I am asked for the mysql server username and password.  The port, 3306 is correct.  The username and password I enter are the same as what I enter to access mysql from the command line on the localhost (I verified this twice). The agent still reports error 1600.


I verified mysql is running on that port:

[root@db ~]# fuser 3306/tcp
here: 3306
3306/tcp:  3090
[root@db ~]# ps -p 3090
  PID TTY  TIME CMD
 3090 ?  10:54:12 mysqld

Got it, thanks. Will investigate.

So that's not a firewall problem as you can see the agent is connected ok. Agent then need to connect to MySQL locally - and we will check why it doesn't happen.

Hi! 

The problem is mysql error 1130, which is caused with your mysql user configuration. Agent by default tryes to connect to 127.0.0.1 and user 'root' is not granted access to 127.0.0.1.

Could you please try the following. 

  • Create custom (empty) component. 
  • Enter into it and click 'new monitor', then select local resources->Mysql. 
  • You will get to the monitor configuration where you will be able to set up hostname. 
  • Put there 'localhost' or server's LAN IP or its hostname.

You can also check/ammend your mysql access permissions and just grant root to access 127.0.0.1 (which is for MySQL is not the same as localhost).

Please let us know how it goes.

Thanks

Will something like this do to grant root access in mysql?

GRANT SELECT ON *.* TO root@127.0.0.1 IDENTIFIED BY 'password';
I assume all we need to give the user at 127.0.0.1 is select privileges?  Also, do we have to give access to all databases, or just one in particular?

Yes, this should work. I do not remember the exact syntax.

Please let me know if it solves the problem.

Yes, this does work.  Although I still would like to know if it is necessary to give

root@127.0.0.1
access to all databases or just one.


Thanks so much for the help!