[ZBXNEXT-7121] Add user auth support for zabbix-agent2 redis plugin

Type: New Feature Request
Resolution: Fixed
Priority: Trivial
Fix Version/s: 7.0.10rc1, 7.2.4rc1, 7.4.0alpha1
Affects Version/s: None
Component/s: Agent2 plugin (G)
Labels:
None

Sprint:
Sprint candidates
Story Points:
2

Redis since 6 version, supports user ACL (ACL user password), go-redis also supports Options.Username parameter in connection options since v7.3.

But redis plugin documentation said

"Embedded URI credentials (userinfo) are forbidden and will be ignored. So, you can't pass the credentials by this:

redis.ping[tcp://user:password@127.0.0.1] — WRONG"

I wonder, why. Using ACL like "user zabbix on +@connection +info +config +slowlog >password" and connection URI tcp://zabbix:password@localhost:6379 is more configurable and secure way, than using global admin password for all redis instances.

part of

ZBXNEXT-9722 Add password and user macros to Redis template

Open

related to

ZBXNEXT-9491 Plugins.Redis.Sessions.<SessionName>.User option not recognized

Confirmed

Joachim added a comment - 2023 Feb 28 15:56

I am willing to try working on this feature. How can I get started ? Do the project accepts merge requests ?

Joachim added a comment - 2023 Feb 28 15:56 I am willing to try working on this feature. How can I get started ? Do the project accepts merge requests ?

greg long added a comment - 2023 Sep 30 17:40

I also need this feature

using default user is not feasible in many cases as zabbix agent plugin seems to require +config which exposes many this we dpon;t wish to expose to default

greg long added a comment - 2023 Sep 30 17:40 I also need this feature using default user is not feasible in many cases as zabbix agent plugin seems to require +config which exposes many this we dpon;t wish to expose to default

Matthew Steeves added a comment - 2023 Dec 02 04:15 - edited

Just to add some more info, the Zabbix Agent2 plug-in for Redis uses the Radix Go client to interface with Redis.
I found that in the Redis plug-in (conn.go on line 148), Zabbix uses the Radix call DialAuthPass(), which only takes a password. Per Radix's docs, in version 3.5.0 they added DialAuthUser(), which takes both username and password. Guessing this wasn't available at time Zabbix was developing the plugin...

I haven't tried this (yet), but wanted to put what I learned from digging I was doing today. Personally, I'm going to first see if we can use the Unix socket approach instead.

Matthew Steeves added a comment - 2023 Dec 02 04:15 - edited Just to add some more info, the Zabbix Agent2 plug-in for Redis uses the Radix Go client to interface with Redis. I found that in the Redis plug-in ( conn.go on line 148 ), Zabbix uses the Radix call DialAuthPass() , which only takes a password. Per Radix's docs, in version 3.5.0 they added DialAuthUser(), which takes both username and password. Guessing this wasn't available at time Zabbix was developing the plugin... I haven't tried this (yet), but wanted to put what I learned from digging I was doing today. Personally, I'm going to first see if we can use the Unix socket approach instead.

Pietro Marini (RCA Systems) added a comment - 2024 Mar 11 15:55

Any update on this issue? I think that in many situations, it wouldn't be acceptable to not have authentication on Redis because the monitoring agent doesn't support it.

Pietro Marini (RCA Systems) added a comment - 2024 Mar 11 15:55 Any update on this issue? I think that in many situations, it wouldn't be acceptable to not have authentication on Redis because the monitoring agent doesn't support it.

Matthew Steeves added a comment - 2024 Mar 15 20:08

Hey Marini, I ended up extending the agent and got redis monitoring working with a username and password. Wasn't terribly hard. I just compiled the customizations on one agent and am running all my redis checks from there. It ends up being about 9 lines of code changes, and then 4 lines of template changes to use the new functionality. If you want more detail, let me know.

Matthew Steeves added a comment - 2024 Mar 15 20:08 Hey Marini , I ended up extending the agent and got redis monitoring working with a username and password. Wasn't terribly hard. I just compiled the customizations on one agent and am running all my redis checks from there. It ends up being about 9 lines of code changes, and then 4 lines of template changes to use the new functionality. If you want more detail, let me know.

Pietro Marini (RCA Systems) added a comment - 2024 Mar 15 22:03

Thanks for sharing Matthew.Steeves2, that's interesting.

If I got you correctly, you had to:

modify Zabbix Agent 2 code and compile it
change the template

While 2. would be just filing a merge request [here|https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/db/redis?at=release/6.4,] the modification 1. would need merging into a much larger code base.

In any case, yes, please give more details

Pietro Marini (RCA Systems) added a comment - 2024 Mar 15 22:03 Thanks for sharing Matthew.Steeves2 , that's interesting. If I got you correctly, you had to: modify Zabbix Agent 2 code and compile it change the template While 2. would be just filing a merge request [here| https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/db/redis?at=release/6.4 ,] the modification 1. would need merging into a much larger code base. In any case, yes, please give more details

Eriks Sneiders added a comment - 2025 Feb 04 15:42 - edited

Implemented in

7.0.10rc1,
- Zabbix agent 2: 34b9b8b906d
- Plugin support (sdk): 2d8ff4f1c56
7.2.4rc1,
- Zabbix agent 2: e09c4415a18
- Plugin support (sdk): f1cf35a78be
7.4.0alpha1 (master)
- Zabbix agent 2: 01cd832880e
- Plugin support (sdk): 06fc17a9298

Eriks Sneiders added a comment - 2025 Feb 04 15:42 - edited Implemented in 7.0.10rc1, Zabbix agent 2: 34b9b8b906d Plugin support (sdk): 2d8ff4f1c56 7.2.4rc1, Zabbix agent 2: e09c4415a18 Plugin support (sdk): f1cf35a78be 7.4.0alpha1 (master) Zabbix agent 2: 01cd832880e Plugin support (sdk): 06fc17a9298

Marianna Zvaigzne added a comment - 2025 Feb 27 09:09

Documented in:

What's new in Zabbix (7.0.10, 7.2.4)
Appendixes > Process configuration > Zabbix agent 2 plugins > Redis plugin (7.0, 7.2, 7.4)

Marianna Zvaigzne added a comment - 2025 Feb 27 09:09 Documented in: What's new in Zabbix ( 7.0.10 , 7.2.4 ) Appendixes > Process configuration > Zabbix agent 2 plugins > Redis plugin ( 7.0 , 7.2 , 7.4 )

Assignee:: Eriks Sneiders

Reporter:: Juri Malinovski

Team:: Team INT

Votes:: 11 Vote for this issue

Watchers:: 18 Start watching this issue

Created:: 2021 Dec 13 16:16

Updated:: 2025 Mar 03 15:56

Resolved:: 2025 Mar 03 15:56

Estimated:

Not Specified

Remaining:

Logged:

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Joachim added a comment - 2023 Feb 28 15:56

Expand comment: Joachim added a comment - 2023 Feb 28 15:56

Collapse comment: greg long added a comment - 2023 Sep 30 17:40

Expand comment: greg long added a comment - 2023 Sep 30 17:40

Collapse comment: Matthew Steeves added a comment - 2023 Dec 02 04:15, Edited by Matthew Steeves - 2023 Dec 02 04:23

Expand comment: Matthew Steeves added a comment - 2023 Dec 02 04:15, Edited by Matthew Steeves - 2023 Dec 02 04:23

Collapse comment: Pietro Marini (RCA Systems) added a comment - 2024 Mar 11 15:55

Expand comment: Pietro Marini (RCA Systems) added a comment - 2024 Mar 11 15:55

Collapse comment: Matthew Steeves added a comment - 2024 Mar 15 20:08

Expand comment: Matthew Steeves added a comment - 2024 Mar 15 20:08

Collapse comment: Pietro Marini (RCA Systems) added a comment - 2024 Mar 15 22:03

Expand comment: Pietro Marini (RCA Systems) added a comment - 2024 Mar 15 22:03

Collapse comment: Eriks Sneiders added a comment - 2025 Feb 04 15:42, Edited by Eriks Sneiders - 2025 Feb 04 15:43

Expand comment: Eriks Sneiders added a comment - 2025 Feb 04 15:42, Edited by Eriks Sneiders - 2025 Feb 04 15:43

Collapse comment: Marianna Zvaigzne added a comment - 2025 Feb 27 09:09

Expand comment: Marianna Zvaigzne added a comment - 2025 Feb 27 09:09

People

Dates

Time Tracking