search

ikzelf / zbxdb

Zabbix database monitoring, the easy and extendable way
GNU General Public License v3.0
94 stars 45 forks source link

Connect to Azure MSSQL - how to enable encryption? #25

Closed mantonik closed 4 years ago

mantonik commented 4 years ago

I am trying to connect o Azure MSSQL 12 DB

When I run command python3 /home/zbxdb/bin/zbxdb.py -c $HOME/etc/zbxdb.mssql_prod.cfg

I am getting an error

CRITICAL:main:problem Traceback (most recent call last): File "/home/zbxdb/bin/zbxdb.py", line 395, in main _conn = db_connections.connect(db_driver, _config) File "/home/zbxdb/bin/dbconnections/mssql.py", line 63, in connect appname=_c['ME'] File "/usr/local/lib/python3.6/site-packages/pytds/init.py", line 1196, in connect conn._open() File "/usr/local/lib/python3.6/site-packages/pytds/init.py", line 349, in _open raise last_error File "/usr/local/lib/python3.6/site-packages/pytds/init.py", line 302, in _open conn.login(login, sock, self._tzinfo_factory) File "/usr/local/lib/python3.6/site-packages/pytds/tds.py", line 1712, in login self._main_session.process_prelogin(login) File "/usr/local/lib/python3.6/site-packages/pytds/tds.py", line 1363, in process_prelogin raise tds_base.Error('Client does not have encryption enabled but it is required by server, ' pytds.tds_base.Error: Client does not have encryption enabled but it is required by server, enable encryption and try connecting again

Configuration

[zbxdb] db_url=//DBSERVER.database.windows.net/database username = USERNAME password = db_type=mssql server=DBSERVER.database.windows.net server_port=1433 db_name=master db_driver=pytds role=normal out_dir=$HOME/zbxdb_out hostname=mssql_prod checks_dir=etc/zbxdb_checks site_checks=NONE instance_type=rdbms password_enc=

Server Linux Oracle 4.14.35-1902.7.3.el7uek.x86_64 #2 SMP Thu Oct 31 10:06:41 PDT 2019 x86_64 x86_64 x86_64 GNU/Linux

monitoring platform:

Thank you for help

ikzelf commented 4 years ago

Hi, thanks for reporting. I did not implement this -yet- Reading https://github.com/denisenkom/pytds I see that a cafile parameter is needed to accomplish a tls encrypted session. You also need pyOpenSSL for this to work. What I can do is add the cafile as an optional parameter and pass that to the connection request.

Do you have a better idea?

ikzelf commented 4 years ago

I have added support for cafile as described in https://github.com/denisenkom/pytds. Since I have no config to test this: fingers crossed but if your cafile has the correct contents I am quite confident that this will work.

mantonik commented 4 years ago

Thank you I will try and let you know.

ikzelf commented 4 years ago

Did you already manage to test this?

ikzelf commented 4 years ago

I assume this works now.