Hello
I'm pretty new at Nagios and I'm having a problem when installing the NRPE plugin in Centos.
I have a monitoring server (its hostname is wizzo-int-monitoring0) where I have installed:
- Nagios-4.0.7 <--- it works fine, as I am seeing the remote host
- Nagios-plugins-2.0.3
- NRPE-2.15
In the remote server (its hostname is wizzo-int-read3), I have installed:
- sudo yum -y install openssl-devel gcc xinetd make
- Nagios-plugins-2.0.3
- NRPE-2.15
Moreover, in the remote server, I have made some changes in the following files:
- In /etc/xinetd.d/nrpe I have added only_from = 127.0.0.1 wizzo-int-monitoring0
- In /etc/services I have added the line: nrpe 5666/tcp # NRPE
- In /etc/hosts.allow I have added the line: nrpe: 127.0.0.1 wizzo-int-monitoring0
I have also modified the iptables:
- sudo iptables -A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
- sudo service iptables save
In the remote server, If i type /usr/local/nagios/libexec/check_nrpe -H localhost
I get NRPE v2.15 <---- what it's correct
But If I type in the monitoring server /usr/local/nagios/libexec/check_nrpe -H wizzo-int-read3
I get CHECK_NRPE: Error - Could not complete SSL handshake.
If I modify the etc/xinetd.d/nrpe and change wizzo-int-monitoring0 by its IP address, it works. But I need to use the hostname, as it can change.
What am i doing wrong?
What do i have to do to be able to use hostnames in the /etc/xinetd.d/nrpe file?
I am getting crazy and I dont know what else to do.
Thanks a lot in advance
PS. I tried to post this issue in a different section, maybe it should be here "Nagios Plugin Development", it seems more concrete than Nagios Core"
CHECK_NRPE: Error - Could not complete SSL handshake.
-
- Posts: 6
- Joined: Thu Aug 21, 2014 10:10 am
-
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: CHECK_NRPE: Error - Could not complete SSL handshake.
Hostnames might play a roll in this, especially if it pseudo-dynamically recerts for incoming connections, but thats not too likely. Are the system times correct and set the same on both systems? Are the nrpe and actual hostnames matching? Does wizzo-int-read3 and wizzo-int-monitoring0 resolve correctly internally?
Wait a second, after a reread, are you attempting to use hostnames within the allow from directive in the nrpe xinetd config? That will not work from my understanding, as we and xinetd should not attempt to do dns resolution, but require an IP. So this very well may be the issue if thats the case.
Wait a second, after a reread, are you attempting to use hostnames within the allow from directive in the nrpe xinetd config? That will not work from my understanding, as we and xinetd should not attempt to do dns resolution, but require an IP. So this very well may be the issue if thats the case.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
-
- Posts: 6
- Joined: Thu Aug 21, 2014 10:10 am
Re: CHECK_NRPE: Error - Could not complete SSL handshake.
Thanks for your answer sreinhardt.
Wizzo-int-read3 resolves wizzo-int-monitoring0 perfectly and the other way around. I mean, if you log in wizzo-int-read3 server, and you ping wizzo-int-monitoring0, it is resolved with no problem.
In file /etc/xinetd.d/nrpe i have added the my monitoring server. It looks like this:
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 127.0.0.1 wizzo-int-monitoring0
}
Wizzo-int-read3 resolves wizzo-int-monitoring0 perfectly and the other way around. I mean, if you log in wizzo-int-read3 server, and you ping wizzo-int-monitoring0, it is resolved with no problem.
In file /etc/xinetd.d/nrpe i have added the my monitoring server. It looks like this:
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 127.0.0.1 wizzo-int-monitoring0
}
Re: CHECK_NRPE: Error - Could not complete SSL handshake.
It's probably obvious, but I need to ask this - did you restart xinetd after modifying the "/etc/xinetd.d/nrpe" file?
Code: Select all
service xinetd restart
Be sure to check out our Knowledgebase for helpful articles and solutions!
- Box293
- Too Basu
- Posts: 5126
- Joined: Sun Feb 07, 2010 10:55 pm
- Location: Deniliquin, Australia
- Contact:
Re: CHECK_NRPE: Error - Could not complete SSL handshake.
You asked the same question here:
http://support.nagios.com/forum/viewtop ... 26#p109271
What happened when you tried:
For example:
http://support.nagios.com/forum/viewtop ... 26#p109271
What happened when you tried:
From what I understand, it needs to be able to do a reverse DNS lookup on the IP address that is sending the NRPE request and it has to match wizzo-int-monitoring0.your.fqdn.In /etc/xinetd.d/nrpe try only_from = 127.0.0.1 wizzo-int-monitoring0.your.fqdn
For example:
Code: Select all
host 8.8.8.8
8.8.8.8.in-addr.arpa domain name pointer google-public-dns-a.google.com.
host google-public-dns-a.google.com
google-public-dns-a.google.com has address 8.8.8.8
google-public-dns-a.google.com has IPv6 address 2001:4860:4860::8888
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.