How to monitor MySQL by Zabbix (in docker containers)? - mysql

I have:
Zabbix server (computer A)
Zabbix agent (computer B)
Mysql (computer B)
But all of this components work inside Docker containers. How could I monitor Mysql by Zabbix in this case?
I saw this page (https://www.zabbix.com/integrations/mysql). But i think, this won't work in my case.

You can definitely use "Template DB MySQL by Zabbix agent":
if the Zabbix Agent is not dockerized:
and the MySQL port is published/mapped:
just follow the instructions.
else:
map the port, and follow instructions.
else:
check that mysql client is present in the docker image, add it if missing
link that container to the MySQL container, and follow instructions.

Related

Emulating MySQL Workbench "standard TCP/IP over SSH" from the command line

MySQL workbench has a handy connection option - 'standard TCP/IP over SSH'. This allows me to connect to a publicly-inaccessible MySQL server (let's call it mysql#private.com), by SSH-ing onto a remote server (let's call it myserver#public.com) that is on the same network as the MySQL server.
I am trying to re-create this using the MySQL command line client and persistently failing. I have tried opening an SSH tunnel to forward port 3306 from myserver#public.com, to 127.0.0.1 (ie, localhost). This does not work, because at no point have I specified where to find mysql#private.com.
I presume MySQL workbench must pull off this handy trick via some combination of the MySQL client CLI and generally-availble tools like SSH. If anyone could show me how it's done, I'd be most grateful.
As is customary with SO I googled for about three hours before posting this question then found the answer within about three minutes of posting it. There is a detailed guide here:
https://medium.com/#deepspaceprog/how-to-connect-via-ssh-to-an-amazon-rds-instance-running-postgresql-5e7661cdd37e
That says it better than I can but the critical command is this:
ssh -N -L 3306:mysql#private.com:3306 myserver#public.com
If I paraphrase this into English, I believe it might say
"ssh into myserver#public.com; forward port 3306 on the local connection mysql#private.com to 3306 on the local machine".

How to setup mysql develper for PCF mySQL database to manage it

I am trying to understand PCF concepts and thinking that once i am done with creating mysql services in PCF, how i can manage that database like creating tables and maintaining that table just like we do in pur traditional environment using mySqldeveoper. I came across one service like PivotalMySQLWeb and tried but didnt liked it much. So if somehow i can get connection details of mysql service , i can use that to connect using sql developer.
The links #khalid mentioned are definitely good.
http://docs.pivotal.io/p-mysql/2-0/use.html
https://github.com/andreasf/cf-mysql-plugin#usage
More generally, you can use an SSH tunnel to access any service, not just MySQL. This also allows you to use whatever tool you would like to access the service.
This is documented here, but if for some reason that goes away here are the steps.
Create your target service instance, if you don't have one already.
Push an app, any app. It really doesn't matter, it can be a hello world app. The app doesn't even need to use the service. We just need something to connect to.
Either Bind the service from #1 to the app in #2 or create a service key using the service from #1. If you bind to the app, run cf env <app> or if you use a service key run cf service-key MY-DB EXTERNAL-ACCESS-KEY and either one will give you your service credentials.
Run cf ssh -L 63306:us-cdbr-iron-east-01.p-mysql.net:3306 YOUR-HOST-APP, where 63306 is the local port you'll connect to on your machine and us-cdbr-iron-east-01.p-mysql.net:3306 are the host and port from the credentials in step #3.
The tunnel is now up, use whatever client you'd like to connect to your service. For example: mysql -u b5136e448be920 -h localhost -p -D ad_b2fca6t49704585d -P 63306, where b5136e448be920 and ad_b2fca6t49704585d are the username and database name from step #3 and 63306 is the local port you picked from step #4.
Additionally, if you want to connect aws-rds-mysql (instantiated from Pivotal Cloud Foundry) from IntelliJ, you can use the DB-Navigator Plugin (https://plugins.jetbrains.com/plugin/1800-database-navigator) inside IntelliJ, through which, database manipulation can be performed.
After creating the ssh tunnel $ cf ssh -L 63306:<DB_HOSTNAME>:3306 YOUR-HOST-APP (as also mentioned in https://docs.pivotal.io/pivotalcf/2-4/devguide/deploy-apps/ssh-services.html),
Go to DB Navigator plugin and click on custom under new connection.
Enter the URL as: jdbc:mysql://:password>#localhost:63306/<database_name>
The following thread might be helpful for you as well How do I connect to my MySQL service on Pivotal Cloud Foundry (PCF) via MySQL Workbench or CLI or MySQLWeb Database Management App?

How best to connect containers within Docker

Do i always need to use the --link command to link to containers to one another or can i just ping the ip of the 2nd container from the 1st container.
Example:
Container 1 running mysql (tcp 3306) : ip 10.0.0.7
Container 2 running lamp : ip 10.0.0.8
can 0.8 not just directly connect to 0.7 they are on the same bridge ?
Thanks once again for the help
Regards
Hareem Haque
It depends even on your network topology.
If you choose "secure" setup with --icc=false you will have to use --link for dockers to communicate.
Documentation at [1] explains it.
Link:
[1] - https://docs.docker.com/articles/networking/#communication-between-containers
Regards
Paolo
Basically, I added --icc=true to my docker opts and restarted docker. I just ran a test connecting a php container to a mysql container without using --link. Everything works great. I see no error. I can now easily connect containers together via bridge ip address.
If you want to connect containers on different hosts, the best option available right now is using Weave:
https://github.com/zettio/weave
Another is Open vSwitch, but it's too messy for my taste. Docker's acquisition of SocketPlane could result in something usable, but we are not there yet. I would go with Weave.

Site to site OpenSWAN VPN tunnel issues with AWS

We have a VPN tunnel with Openswan between two AWS regions and our colo facility (Used AWS’s guide: http://aws.amazon.com/articles/5472675506466066). Regular usage works OK (ssh, etc), but we are having some MySQL issues over the tunnel between all areas. Using mysql command line client on a linux server and trying to connect using the MySQL Connector J it basically stalls… it seems to open the connection, but then gets stuck. It doesn't get denied or anything, just hangs there.
After initial research thought this was an MTU issue, but I've messed with that a lot and no luck.
Connection to the server works fine, and we can choose a database to use and such, but using the Java connector it appears that the Java client isn't receiving any network traffic after the query is made.
When running a select in the MySQL client on linux we can get a max of 2 or 3 rows before it goes dead.
With this said, I also have a separate openswan VPN on the AWS side for client (mac and iOS) vpn connections. Everything works fantastically through the client VPN and it seems more stable in general. The main difference I've noticed is that the static connection is using "tunnel" as the type and the client is using "transport", but when switching the static tunnel connection to transport it says there's like 30 open connections and doesn't work.
I'm very new to OpenSWAN, so hoping someone can help to point me in the right direction of getting the static tunnel working as well as the client VPN.
As always, here's my config files:
ipsec.conf for BOTH static tunnel servers:
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
virtual_private=
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/*.conf
VPC1-to-colo tunnel conf
conn vpc1-to-DT
type=tunnel
authby=secret
left=%defaultroute
leftid=54.213.24.xxx
leftnexthop=%defaultroute
leftsubnet=10.1.4.0/24
right=72.26.103.xxx
rightsubnet=10.1.2.0/23
pfs=yes
auto=start
colo-to-VPC1 tunnel conf
conn DT-to-vpc1
type=tunnel
authby=secret
left=%defaultroute
leftid=72.26.103.xxx
leftnexthop=%defaultroute
leftsubnet=10.1.2.0/23
right=54.213.24.xxx
rightsubnet=10.1.4.0/24
pfs=yes
auto=start
Client point VPN ipsec.conf
# basic configuration
config setup
interfaces=%defaultroute
klipsdebug=none
nat_traversal=yes
nhelpers=0
oe=off
plutodebug=none
plutostderrlog=/var/log/pluto.log
protostack=netkey
virtual_private=%v4:10.1.4.0/24
conn L2TP-PSK
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
type=transport
forceencaps=yes
right=%any
rightsubnet=vhost:%any,%priv
rightprotoport=17/0
# Using the magic port of "0" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port, but propose "0" instead of their port.
left=%defaultroute
leftprotoport=17/1701
# Apple iOS doesn't send delete notify so we need dead peer detection
# to detect vanishing clients
dpddelay=10
dpdtimeout=90
dpdaction=clear
Found the solution. Needed to add the following IP tables rule on both ends:
iptables -t mangle -I POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
This along with an MTU of 1400 and we're looking very solid
We had the same issue with a server connecting from the EU region to an RDS instance in the US. This appears to be a known issue with the RDS instances not responding to ICMP which is needed to auto-discover the MTU settings. As a workaround, you'll need to configure a smaller MTU on the instance that is performing the query.
On the server that is making the connection to the RDS instance (not the VPN tunnel instances), run the following command to get a MTU setting of 1422 (which worked for us):
sudo ifconfig eth0 mtu 1422

MYSQL - Cant connect to MYSQL server on 'localhost' (10061)

Ive install wamp server on my PC(it has no internet or intranet connection, Windows XP -OS).
But when I access MYSQL this error popup.
Can you give any idea on how can i resolve this error.
thank you very much.
Cant connect to MYSQL server on 'localhost' (10061)
from the commandline (start/run/ type cmd, press ok), type:
telnet localhost 3306
If MySQL is running, you'll see the mysql version (and some garbage).
To see if the service is running, type:
sc query mysql
You'll see something like this if it's running:
SERVICE_NAME: mysql
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
To check to see if MySQL is running, provided its installed as a service you can go to Start -> Control Panel -> Administrative Tools -> Services (i may be a bit off on those paths, I'm an OS X / Linux user), and look for MySQL on that list. See if it is started or stopped.
You can then do a portscan if you really want to and determine if that port is open. There are all kinds of free tools online that will scan your IP and tell you which ports are open and what is listening on them.
Unless you did something during the install, I believe that the port will be standard and the service will NOT be running after install.
MySQL provides several GUI tools for managing servers: http://dev.mysql.com/downloads/gui-tools/5.0.html One of those tools is the "MySQL System Tray Monitor" which will detect the running service, and allow you to stop and start the server easily. You can also review the list of services for "MySQL" to see if that service is active.
If the service is running and you still can't connect, you need to make sure the Windows firewall is not blocking access to the port. If your firewall is not configured to notify you when it block a program (check the Windows Firewall control panel, it might not have notified you that it's detected the program).
Make sure it is running, check in my.cnf that it is really listening to the correct IP ( 127.0.0.1 ) and make sure you connect to the correct port aswell.
Try using telnet for debugging aswell and see where the problem lies, maybe mysql isnt started, or listens to a different port.
try to change a mysql port 3300 to "3306"