Access denied for user root


#1

Hi everybody,

I’m completely new to icinga so maybe this is a somewhat stupid question.

I installed icinga2 and icingaweb2 on an Ubuntu 18.04.01 x64 virtual machine (VMWare), php is version 7.2.
I followed the installation instructions from here and here and it went smoothly for most of the time.
The only thing I did that is not in the instructions is that I created two additional MySQL users: localadmin@localhost and remoteadmin@%. Both have all privileges everywhere (grant all privileges on *.* to … with grant option; flush privileges;).
To finish the setup I go to servername/icingaweb2/setup and answer every question asked. And the very last step fails.


On top it says that it connected successfully to the db “icinga2”, creates the db schema, create login “root” and gives the necessary permissions.
And then it says "could not create user “icingaadmin”. An error occurred."
Same for the usergroup “Administrators”. Both times the error is "Access denied for user ‘root’@‘localhost’".

Why is that? At the beginning it says that everything went ok. Could someone help me out please?

Regards
JB


#2

For me it looks like the MySQL root user is not allowed to connect from localhost to the icingaweb DB.

icingaadmin would be the icingaweb2 UI user and “Administratoren” the user group. Those are saved in the database of icingaweb

Also “Die Datenbank “%s” …” looks strange to me.


#3

“Die Datenbank “%s”…” is a simple translation error IMHO.

Just for me to be clear: “localhost” means here the virtual machine icinga is running on, right?
How do I grant root the necessary privileges?

Thanks for your quick response.


#4

Yes. I assume you installed icinga2, icingaweb2 and mysql on the same VM, correct?

Normally the setup wizard does the database setup for you.
If I remember correctly it first asks you to configure the IDO database (connection details and credentials), then for the mysql root user.
After this you choose if you want to store the icingaweb2 users in files or the database. If you choose DB you need to input the information for the DB and the setup creates it for you.

Can you log into your mysql database with mysql -u root -p and get asked for a password?
Or does mysql -u root work without a password?

I usually set up one user for my icinga_ido database and one for my icingaweb database:
This is also described a bit in the following guide:


#5

All programs are running on the same VM, that is correct.

mysql -u root does not ask me for a password. Should I change that?
During the installs I used the db configuration wizard that did a lot of things automatically. Maybe that’s a problem?


(Roland) #6

Do you know you need to have at least 2 databases? One for Icinga2 and one for Icingaweb2.


(Roland) #7

Here you’ll find some information about the root password topic.


#8

I would say yes.

Can you show the content of /etc/icingaweb2/resources.ini ?
As @rsx said, you need to have an icingaweb database for storing the icingaweb users.
I suspect the %s says that there is no such database.

As I said normally the setup wizard creates those databases for you if it is provided with a mysql root user.

Also you can check the grants for root@localhost with SHOW GRANTS FOR 'root'@'localhost';

+------------------------------------------------------------------------------------------------+
| Grants for root@localhost                                                                      |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION                                  |
+------------------------------------------------------------------------------------------------+
+------------------------------------------------------------------------------------------------------------------------------+
| Grants for icinga2@monitoring.x.loc                                                                                    |
+------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'icinga2'@'monitoring.x.loc' IDENTIFIED BY PASSWORD '*abc'  |
| GRANT SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, EXECUTE, CREATE VIEW ON `icinga2`.* TO 'icinga2'@'monitoring.x.loc' |
+------------------------------------------------------------------------------------------------------------------------------+
+-------------------------------------------------------------------------------------------------------------------------------+
| Grants for icingaweb@monitoring.x.loc                                                                                   |
+-------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'icingaweb'@'monitoring.x.loc' IDENTIFIED BY PASSWORD '*abc' |
| GRANT ALL PRIVILEGES ON `icingaweb2`.* TO 'icingaweb'@'monitoring.x.loc'                                                |
| GRANT ALL PRIVILEGES ON `icingadirector`.* TO 'icingaweb'@'monitoring.x.loc'                                            |
+-------------------------------------------------------------------------------------------------------------------------------+
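
Added example, not part of the thread or of the Icinga documentation: checking how each MySQL account authenticates and creating one dedicated account per database, with the same privilege sets as the grants shown above. The host `localhost` (everything on one VM) and the `CHANGE_ME_*` passwords are assumptions and placeholders.

```sql
-- Added example. Host 'localhost' and the CHANGE_ME_* passwords are
-- assumptions/placeholders; database and user names follow the grants above.
-- Run from a local administrative session (for example: sudo mysql).

-- 1. See how each account authenticates. An account whose plugin is
--    auth_socket (MySQL) or unix_socket (MariaDB) is verified by the OS
--    user of the connecting process, not by a password, so a web
--    application running under a different OS user cannot log in as it.
SELECT user, host, plugin FROM mysql.user ORDER BY user, host;

-- 2. One database for the Icinga 2 IDO data, one for Icinga Web 2.
CREATE DATABASE IF NOT EXISTS icinga2;
CREATE DATABASE IF NOT EXISTS icingaweb2;

-- 3. One password-authenticated account per database, limited to
--    connections from the same machine.
CREATE USER 'icinga2'@'localhost'   IDENTIFIED BY 'CHANGE_ME_ido';
CREATE USER 'icingaweb'@'localhost' IDENTIFIED BY 'CHANGE_ME_web';

-- 4. Privileges scoped to a single schema each, no global rights and no
--    GRANT OPTION. The IDO set has no CREATE privilege, so the IDO schema
--    has to be imported from the administrative session.
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, EXECUTE, CREATE VIEW
  ON icinga2.* TO 'icinga2'@'localhost';
GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb'@'localhost';

-- 5. Confirm the result matches the intent.
SHOW GRANTS FOR 'icinga2'@'localhost';
SHOW GRANTS FOR 'icingaweb'@'localhost';
```

The `icingaweb` account is then the one to enter as the database resource for users and groups, instead of `root`.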



#9

The requested information:

I think I can see the problem now :slight_smile:
So if the setup asks me for a db-resource to store users and groups I simply put in the name of a nonexistent db and he will create and configure it for me and my problems vanish? That would be a perfect ending for this week…


#10

Yes.

Or you could set the root user’s password to what you have in the resources.ini file. That should also work.


#11

Well, here we are again…

I tried to change the root password via mysqladmin and get this message while the password remains blank:

Next step: I installed the MySQL Workbench, connected successfully to the server and tried to change the password from there. That was when I noticed this:
[image: icinga_mysql_auth_socket]

Every other user looks like this:
[image: icinga_mysql_standard]

I can’t change the authentication type for root. Why is that and is that a problem?

[EDIT] I re-ran the mysql_secure_installation script, activated the authentication plugin and set a password for root. Alas that changed nothing: sudo mysql -u root will still log me in. :frowning:

Regards
JB


#12

Have you tried creating a dedicated user for your icinga2 db and use it in the icingaweb config instead of the root user? I would favor that over using the root user for the web ui.

You could try resetting the password and changing the auth plugin to mysql_native_password with the solution from


#13

By following the steps described I locked my root and localadmin user out of my MySQL-installation.

I’m quite fed up with this. I’ll throw that VM out and set up a shiny new one.

Great thanks to @log1c and @rsx for trying to help me out. Stay tuned for the new adventures of me trying to wrestle Icinga down…


#14

Damn, sorry :S

Maybe try following the steps from https://www.unixe.de/icinga-2-icinga-web-2-unter-debian-9/

As said, normally the web ui setup wizard tells you what to input and the fields. Try using dedicated users for the different databases and just supply the root user so that the setup can do its “magic” :wink:


#15

I found this in the Workbench:

Maybe there was the problem. We will never know :wink:

Ubuntu is already installing, I’m on my way home and tomorrow I’ll give it a new try…


#16

NAILED IT!

I can’t tell you what I did different than before, but somehow it works now. Created two MySQL users, localadmin@localhost and remoteadmin@%, and granted all on everything. Used the localadmin to create the users-db. For some reason it worked this time.

Problem solved, thread closed.


#17

:+1:

You can mark one answer as solution, so the thread will be shown as resolved.

Have fun with icinga2!