NRPE in FreeBSD jail

Andy Shellam (Mailing Lists) andy.shellam-lists at mailnetwork.co.uk
Sat Jan 27 23:36:29 CET 2007
Previous message: NRPE in FreeBSD jail
Next message: nagios snmp traps??
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dan Langille wrote:
> On 27 Jan 2007 at 22:07, Andy Shellam (Mailing Lists) wrote:
>
>   
>> I've been struggling with this for the last 2 hours and I cannot work 
>> out where it's going wrong.
>> I have a Nagios 2.7 server talking to an NRPE 2.6 client.
>>
>> The Nagios 2.7 server is running FreeBSD as does the NRPE client - 
>> however the NRPE client is being run in a FreeBSD jail (this is a hosted 
>> system which I have no control of outside of the jail.)
>> I'm hoping I've simply missed something simple.
>>
>> When I run from the console of the NRPE client, as the Nagios user:
>>
>> $ /usr/local/bin/sudo /usr/local/nagios/libexec/check_swap -w 25% -c 10%
>> SWAP OK - 91% free (7442 MB out of 8192 MB) |swap=7442MB;2048;819;0;8192
>> $
>>     
>
> You are you issuing
>   

...?

>   
>> When I run the check from the Nagios server:
>>
>> sudo -u nagios /usr/local/nagios/libexec/check_nrpe -H 
>> mackay.mailnetwork.co.uk -c check_swap
>> NRPE: Unable to read output
>>
>> If I try an invalid command:
>>
>> sudo -u nagios /usr/local/nagios/libexec/check_nrpe -H 
>> mackay.mailnetwork.co.uk -c check_swapNOTEXIST
>> NRPE: Command 'check_swapNOTEXIST' not defined
>>
>> So, as you can see, it is reaching NRPE fine (and I presume the SSL is 
>> working correctly.)
>> I've tried starting up NRPE without SSL (-n), and ditto on the Nagios 
>> server - still the same error.
>> I've also tried setting allow_weak_random_seed=1, same error.
>>
>> I'm guessing it has something to do with NRPE not sending the output 
>> data from the plugin to the correct stream, and as I don't know much 
>> about FreeBSD jails, I don't know whether stdin/out works as normal.
>>
>> As you can see, I've also set debug=1, but don't get anything in my log 
>> files other than "daemon starting up."
>>
>> Is anyone else running NRPE inside a jail?  Or can point out something 
>> obvious I'm missing!?  Or how to get more debug info?
>>
>> Thanks
>>
>> Andy.
>>
>> ---
>>
>> My nrpe.cfg file:
>>
>> pid_file=/var/run/nrpe.pid
>> server_port=5666
>> #server_address=192.168.1.1
>> nrpe_user=nagios
>> nrpe_group=localservice
>> #allowed_hosts=127.0.0.1,10.100.9.201
>>     
>
> Why commented out?
>   

The server_address is commented out so NRPE binds to all addresses - 
this config file template came from another server where I only wanted 
it to listen on one of it's two addresses.
The allowed_hosts is commented out as a further debugging attempt.

>   
>> dont_blame_nrpe=0
>> command_prefix=/usr/local/bin/sudo
>> debug=1
>> command_timeout=60
>> connection_timeout=300
>> #allow_weak_random_seed=1
>>
>> command[check_swap]=/usr/local/nagios/libexec/check_swap -w 25% -c 10%
>>     
>
> You issued an sudo above, yet the command here does not use sudo.
>   

The command_prefix puts /usr/local/bin/sudo before all commands, as some 
core plugins require root access.

> I've seen this error before, and recently.  Usually it was a 
> permissions issue.  For some readon nrpe is unable to execute the 
> command.  Perhaps it is this sudo issue.
>   

Perhaps, but this same config works fine on a Fedora Core 4 system, by 
changing /usr/local/bin/sudo to /usr/bin/sudo.  Before I changed this I 
got the same error on the Fedora system, so I am leaning towards it 
being a permissions issue, but I can't figure out what.

> A side note: sometimes it helps to add wrapper function.  All the 
> wrapper function does it a cd /usr/local/nagios/libexec and then runs 
> the command you would normally specify in nrpe.cfg
>   

The plugins I'm trying to execute are all core plugins (check_swap, 
check_dns etc.)  I haven't had to add a wrapper on any other system 
(including an identical FreeBSD machine, just not running in a jail.)

Thanks,

Andy.


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: NRPE in FreeBSD jail
Next message: nagios snmp traps??
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list