Hi. We have a few filesystem checks where the mount point is owned by the postgres user. It appears that the service checks that use sudo only sudo to root and don't have options to sudo to specified users. Have I misunderstood how those checks work?
The nagios user receives access permission errors. The business owners are not inclined to change the filesystem permissions.
Thanks!
Executing service check as postgres user vs root
Re: Executing service check as postgres user vs root
We were able to come up with a "workaround" in our test environment, but your mileage may vary. I hope the example below can at least point you in the right direction.
On the remote system, we set up a mountpoint, owned by postgres:
Code:
df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_nagiosxi-lv_root
37G 9.0G 27G 26% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sda1 477M 126M 327M 28% /boot
tmpfs 512M 0 512M 0% /root/postgresdirnew
ls -lad /root/postgresdirnew
drwxrwxrwt. 2 postgres postgres 40 Aug 22 09:43 /root/postgresdirnew
We set up a wrapper script, named check_postgrespartion.sh, placed it in the plugins directory and made it executable:
Code:
#!/bin/bash
# Started as root (via sudo from NRPE); run check_disk itself as the postgres user.
exec sudo -u postgres /usr/local/nagios/libexec/check_disk "$@"
We set up an NRPE command in the /usr/local/nagios/etc/nrpe/common.cfg file:
Code:
command[check_disk_postgres]=sudo /usr/local/nagios/libexec/check_postgrespartion.sh $ARG1$
We added the following line to the sudoers file:
Code:
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_postgrespartion.sh *
and restarted NRPE:
Code:
service nrpe restart
Next, we tested it by running the following command from the CLI on the Nagios XI server:
Code:
/usr/local/nagios/libexec/check_nrpe -H x.x.x.x -c check_disk_postgres -a '-w 10% -c 5% -p /root/postgresdirnew'
DISK OK - free space: /root/postgresdirnew 512 MB (100.00% inode=100%);| /root/postgresdirnew=0MB;460;486;0;512
Hope this helps.
Be sure to check out our Knowledgebase for helpful articles and solutions!
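A hardened variant of the wrapper approach above, as an added example that is not code from this thread or from Nagios: because the sudoers entry lets the nagios user pass any arguments (`*`) to a script that starts as root, the wrapper allowlists the options before running check_disk as postgres. The accepted option set (-w, -c, -p) and the ALLOWED_PREFIX value are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): argument-validating wrapper.
# Assumptions: only -w, -c and -p are needed; ALLOWED_PREFIX is site-specific.
CHECK_DISK=/usr/local/nagios/libexec/check_disk
ALLOWED_PREFIX=/root/postgresdirnew   # mount point used in the thread

# Return 0 only if every argument is an allowlisted option with a safe value.
validate_args() {
    [ "$#" -gt 0 ] || return 1
    while [ "$#" -gt 0 ]; do
        [ "$#" -ge 2 ] || return 1          # every option must carry a value
        opt=$1
        val=$2
        shift 2
        case $opt in
            -w|-c)
                # Thresholds: digits with an optional trailing percent sign.
                case $val in
                    ''|*[!0-9%]*|%*|*%?*) return 1 ;;
                esac ;;
            -p)
                # Path must be the allowed mount point or below it, no "..".
                case $val in
                    *..*) return 1 ;;
                    "$ALLOWED_PREFIX"|"$ALLOWED_PREFIX"/*) ;;
                    *) return 1 ;;
                esac ;;
            *) return 1 ;;                  # any other option is refused
        esac
    done
    return 0
}

main() {
    if ! validate_args "$@"; then
        echo "UNKNOWN - rejected check_disk arguments"
        exit 3                              # Nagios plugin UNKNOWN state
    fi
    # Drop from root to postgres for the actual check; "$@" keeps word boundaries.
    exec sudo -u postgres "$CHECK_DISK" "$@"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

sudoers also accepts a run-as user, for example `nagios ALL=(postgres) NOPASSWD: /usr/local/nagios/libexec/check_disk` together with `sudo -u postgres` in the NRPE command, which gives the nagios user no root-level execution at all.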
Re: Executing service check as postgres user vs root
Thanks. I'll test this and reply.
Thanks for working on it.
Re: Executing service check as postgres user vs root
Sure - let us know how it went. We will keep this topic open for the time being.
Re: Executing service check as postgres user vs root
Hi. I'm just getting back to this. Before getting your reply I asked the server team to do the following:
Code:
1. On the REMOTE server Please copy /usr/local/nagios/libexec/check_disk to /usr/local/nagios/libexec/check_disk_pgsql
2. Add the nagios user to the REMOTE server's sudoers file with "nagios ALL = NOPASSWD:/usr/local/nagios/libexec/check_disk_pgsql"
3. Please close the task to indicate that the task is completed
Then the Nagios team will alter the service check parameter so that $ARG1$ references the new check_disk_pgsql copy that is referenced in the sudoers file.
Thanks!
They did what I asked. Is this salvageable, or should I start over with the wrapper script?
Thanks!
Re: Executing service check as postgres user vs root
This should work.
Are you going to be running the check locally (on the remote machine), then sending passive check results to the Nagios XI server, or are you planning on using active checks, e.g. check_nrpe?
Re: Executing service check as postgres user vs root
It will be using active checks.
It is ok to close this. Thanks.
Re: Executing service check as postgres user vs root
Sounds good! I am closing this topic.