<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi all.<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">I upgraded my Centos box ,thruk and naemon to the latest version a couple of days ago. Below is my version info.<o:p></o:p></p>
<p class="MsoNormal">[root@myhost ~]# cat /etc/redhat-release <o:p></o:p></p>
<p class="MsoNormal"> CentOS Linux release 7.3.1611 (Core)<o:p></o:p></p>
<p class="MsoNormal">[root@myhost ~]# rpm -qa | grep 'thruk\|naemon'<o:p></o:p></p>
<p class="MsoNormal"> thruk-plugin-reporting-2.12-3.x86_64<o:p></o:p></p>
<p class="MsoNormal"> naemon-devel-1.0.6-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> libnaemon-1.0.6-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> naemon-tools-1.0.6-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> libthruk-2.10-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> naemon-thruk-1.0.6-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> naemon-core-1.0.6-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> thruk-base-2.12-3.x86_64<o:p></o:p></p>
<p class="MsoNormal"> naemon-1.0.6-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> naemon-debuginfo-1.0.3-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> naemon-core-dbg-1.0.6-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> naemon-livestatus-1.0.6-1.el7.centos.x86_64<o:p></o:p></p>
<p class="MsoNormal"> thruk-2.12-3.x86_64<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">I thought everything had gone well but noticed an issue after a restart yesterday. The thruk ui tells me there is no backend available and the thruk log has entries confirming this.<o:p></o:p></p>
<p class="MsoNormal">[root@myhost ~]# tail /var/log/thruk/thruk.log<o:p></o:p></p>
<p class="MsoNormal"> [2017/01/25 12:18:22][myhost][ERROR][Thruk] No Backend available<o:p></o:p></p>
<p class="MsoNormal"> [2017/01/25 12:18:22][myhost][ERROR][Thruk] on page: http://myhost.example.com/thruk/cgi-bin/status.cgi?host=all&_=1485346700788<o:p></o:p></p>
<p class="MsoNormal"> [2017/01/25 12:18:22][myhost][ERROR][Thruk] Naemon: ERROR: failed to connect - Permission denied. (/var/cache/naemon/live)<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">There is a naemon user and group and they own the Naemon process and files, thruk runs with the apache user and this user was added to the naemon group.<o:p></o:p></p>
<p class="MsoNormal">[root@myhost ~]# ps aux | grep '[t]hruk\|[h]ttpd\|[n]aemon'<o:p></o:p></p>
<p class="MsoNormal"> naemon 1134 0.0 0.0 303956 868 ? S 10:11 0:00 /usr/local/pnp4nagios/bin/npcd -d -f /usr/local/pnp4nagios/etc/npcd.cfg<o:p></o:p></p>
<p class="MsoNormal"> naemon 8601 0.3 0.4 157116 8316 ? Ss 12:07 0:06 /usr/bin/naemon --daemon /etc/naemon/naemon.cfg<o:p></o:p></p>
<p class="MsoNormal"> naemon 8602 0.0 0.0 17628 1280 ? S 12:07 0:00 /usr/bin/naemon --worker /var/lib/naemon/naemon.qh<o:p></o:p></p>
<p class="MsoNormal"> naemon 8603 0.0 0.0 17628 1288 ? S 12:07 0:00 /usr/bin/naemon --worker /var/lib/naemon/naemon.qh<o:p></o:p></p>
<p class="MsoNormal"> naemon 8604 0.0 0.0 17628 1280 ? S 12:07 0:00 /usr/bin/naemon --worker /var/lib/naemon/naemon.qh<o:p></o:p></p>
<p class="MsoNormal"> naemon 8605 0.0 0.0 17628 1280 ? S 12:07 0:00 /usr/bin/naemon --worker /var/lib/naemon/naemon.qh<o:p></o:p></p>
<p class="MsoNormal"> naemon 8606 0.0 0.2 91512 5400 ? S 12:07 0:00 /usr/bin/naemon --daemon /etc/naemon/naemon.cfg<o:p></o:p></p>
<p class="MsoNormal"> root 8808 0.0 0.8 349364 16100 ? Ss 12:07 0:00 /usr/sbin/httpd -DFOREGROUND<o:p></o:p></p>
<p class="MsoNormal"> root 8818 0.0 1.3 126612 24824 ? S 12:07 0:00 perl -x /usr/share/thruk/thruk_auth<o:p></o:p></p>
<p class="MsoNormal"> apache 8820 0.0 0.2 299556 4292 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND<o:p></o:p></p>
<p class="MsoNormal"> apache 8821 0.0 0.4 349676 7972 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND<o:p></o:p></p>
<p class="MsoNormal"> apache 8822 0.0 0.4 349704 7864 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND<o:p></o:p></p>
<p class="MsoNormal"> apache 8823 0.0 0.4 349696 7844 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND<o:p></o:p></p>
<p class="MsoNormal"> apache 8824 0.0 0.4 350064 8104 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND<o:p></o:p></p>
<p class="MsoNormal"> apache 8825 0.0 0.4 350064 8236 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND<o:p></o:p></p>
<p class="MsoNormal"> apache 8853 0.0 2.2 119444 41708 ? S 12:08 0:01 /usr/bin/perl /usr/share/thruk/script/thruk_fastcgi.pl<o:p></o:p></p>
<p class="MsoNormal"> apache 11149 0.0 0.4 349696 7844 ? S 12:10 0:00 /usr/sbin/httpd -DFOREGROUND<o:p></o:p></p>
<p class="MsoNormal">[root@ myhost ~]# id naemon<o:p></o:p></p>
<p class="MsoNormal"> uid=995(naemon) gid=994(naemon) groups=994(naemon)<o:p></o:p></p>
<p class="MsoNormal">[root@ myhost ~]# id apache<o:p></o:p></p>
<p class="MsoNormal"> uid=48(apache) gid=48(apache) groups=994(naemon),48(apache)<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">The permissions of the socket file and folders that contain it seem ok.<o:p></o:p></p>
<p class="MsoNormal">[root@myhost ~]# ls -lad /var/<o:p></o:p></p>
<p class="MsoNormal"> drwxr-xr-x. 21 root root 4096 Jan 25 10:10 /var/<o:p></o:p></p>
<p class="MsoNormal">[root@myhost ~]# ls -lad /var/cache/<o:p></o:p></p>
<p class="MsoNormal"> drwxr-xr-x. 10 root root 112 Jan 25 08:56 /var/cache/<o:p></o:p></p>
<p class="MsoNormal">[root@myhost ~]# ls -lad /var/cache/naemon/<o:p></o:p></p>
<p class="MsoNormal"> drwxrwsr-x. 3 naemon naemon 29 Jan 25 12:07 /var/cache/naemon/
<o:p></o:p></p>
<p class="MsoNormal"> [root@myhost ~]# ls -la /var/cache/naemon/live<o:p></o:p></p>
<p class="MsoNormal"> srw-rw---- 1 naemon naemon 0 Jan 25 12:07 /var/cache/naemon/live<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">Accessing the livestatus seems ok for root and naemon users but not for apache user.<o:p></o:p></p>
<p class="MsoNormal">[root@myhost ~]# echo -e 'GET hosts\nColumns: name\nFilter: host_name = localhost' | unixcat /var/cache/naemon/live<o:p></o:p></p>
<p class="MsoNormal"> localhost <o:p></o:p></p>
<p class="MsoNormal"> [root@myhost ~]# su -c "echo -e 'GET hosts\nColumns: name\nFilter: host_name = localhost' | unixcat /var/cache/naemon/live" naemon<o:p></o:p></p>
<p class="MsoNormal"> localhost <o:p></o:p></p>
<p class="MsoNormal"> [root@myhost ~]# su -c "echo -e 'GET hosts\nColumns: name\nFilter: host_name = localhost' | unixcat /var/cache/naemon/live" apache<o:p></o:p></p>
<p class="MsoNormal"> Couldn't connect to UNIX-socket at /var/cache/naemon/live: Permission denied.<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">If I change the group ownership to apache is then works <o:p>
</o:p></p>
<p class="MsoNormal"> [root@myhost ~]# chown naemon:apache /var/cache/naemon/live
<o:p></o:p></p>
<p class="MsoNormal"> [root@myhost ~]# ls -la /var/cache/naemon/live<o:p></o:p></p>
<p class="MsoNormal"> srw-rw---- 1 naemon apache 0 Jan 25 12:07 /var/cache/naemon/live
<o:p></o:p></p>
<p class="MsoNormal"> [root@myhost ~]# su -c "echo -e 'GET hosts\nColumns: name\nFilter: host_name = localhost' | unixcat /var/cache/naemon/live" apache<o:p></o:p></p>
<p class="MsoNormal"> localhost<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">I have other servers running exactly the same setup and they seem ok, must say I am stumped...<o:p></o:p></p>
<p class="MsoNormal">Any suggestions?<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">Thanks<o:p></o:p></p>
<p class="MsoNormal">Andrew<o:p></o:p></p>
</div>
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender
immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
</body>
</html>