Page 1 of 1

check_by_ssh doesn't work with remote python script

Posted: Mon Apr 23, 2018 12:27 am
by yomiko
I am using check_by_ssh on my Nagios server (running Nagios Core) to check my remote host.
I have a python script on the remote host to report back the status of a service running there.

The python script runs perfectly locally on the remote host.

However, when using check_by_ssh to run the python script, it returned UNKNOWN

# /usr/lib64/nagios/plugins/check_by_ssh -l <USERNAME> -i ~/.ssh/id_rsa -H <remote_host_IP> -C "service_check.py" -E
UNKNOWN - check_by_ssh: Remote command service_check.py' returned status 127

If the script is a shell script instead, check_by_ssh would run perfectly.

Is there a way to get check_by_ssh to work properly with the python script?

Thanks!

Re: check_by_ssh doesn't work with remote python script

Posted: Mon Apr 23, 2018 12:13 pm
by npolovenko
Hi, @yomiko.

Try putting the service_check.py command(as you'd run it locally) in a shell script.

Code: Select all

#!/bin/bash

/usr/local/nagios/libexec/service_check.py
And then run the shell script via check_by_ssh instead.

Let me know if it works or not.

Re: check_by_ssh doesn't work with remote python script

Posted: Mon Apr 23, 2018 12:55 pm
by yomiko
That does not work.

# /usr/lib64/nagios/plugins/check_by_ssh -l <USERNAME> -i ~/.ssh/id_rsa -H <remote_host_IP> -C "service_check_bash.sh" -E
UNKNOWN - check_by_ssh: Remote command 'service_check_bash.sh' returned status 127

# /usr/lib64/nagios/plugins/check_by_ssh -l <USERNAME> -i ~/.ssh/id_rsa -H <remote_host_IP> -C "service_check_bash.sh"
Remote command execution failed: ***************************************************************************

I have restricted shell setup to allow a handful of scripts/commands that the user could run.
I placed commands like check_disk, check_uptime, service_check.py as links in the remote host's user's homedir.

The service_check.py script will work if I run it locally.

Remotely with check_by_ssh, it doesn't work. However, if I add a link of /usr/bin/python and /usr/bin/systemctl
to the remote host, then check_by_ssh will work.

Re: check_by_ssh doesn't work with remote python script

Posted: Mon Apr 23, 2018 1:03 pm
by scottwilkerson
yomiko wrote:

Code: Select all

# /usr/lib64/nagios/plugins/check_by_ssh -l <USERNAME> -i ~/.ssh/id_rsa -H <remote_host_IP> -C "service_check.py" -E
UNKNOWN - check_by_ssh: Remote command service_check.py' returned status 127
You need to supply the FULL path to the service_check.py file on the client server, like:

Code: Select all

# /usr/lib64/nagios/plugins/check_by_ssh -l <USERNAME> -i ~/.ssh/id_rsa -H <remote_host_IP> -C "/usr/local/nagios/libexec/service_check.py" -E
Where on <remote_host_IP> /usr/local/nagios/libexec/service_check.py exists and is executable by <USERNAME>

Re: check_by_ssh doesn't work with remote python script

Posted: Mon Apr 23, 2018 2:01 pm
by yomiko
I have the other checks (check_load, check_uptime, etc) as links in the remote host & checks_by_ssh worked on these commands.

The remote user has executable permission on the custom script on the remote host.

Both the full path and linked path worked ONLY if I also create links for "/usr/bin/python" and /usr/bin/systemctl" in the
remote user's home dir.

E.g.

# /usr/lib64/nagios/plugins/check_by_ssh -l <USERNAME> -i ~/.ssh/id_rsa -H <remote_host_IP> -C "python /usr/local/nagios/libexec/service_check.py" -E
Service OK - active (running) since Mon 2018-04-23 18:37:52 GMT

# /usr/lib64/nagios/plugins/check_by_ssh -l <USERNAME> -i ~/.ssh/id_rsa -H <remote_host_IP> -C "service_check.py" -E
Service OK - active (running) since Mon 2018-04-23 18:37:52 GMT

Re: check_by_ssh doesn't work with remote python script

Posted: Mon Apr 23, 2018 2:51 pm
by scottwilkerson
could you share service_check.py this plugin so we can see it?
also

This looks like it is working
yomiko wrote:

Code: Select all

# /usr/lib64/nagios/plugins/check_by_ssh -l <USERNAME> -i ~/.ssh/id_rsa -H <remote_host_IP> -C "python /usr/local/nagios/libexec/service_check.py" -E
Service OK - active (running) since Mon 2018-04-23 18:37:52 GMT

Re: check_by_ssh doesn't work with remote python script

Posted: Mon Apr 23, 2018 4:08 pm
by yomiko
Here is the custom check.

# cat allow/service_check.py
#!/usr/bin/python
import os, sys
import re
code=os.popen("systemctl status httpd").read().replace('\n', '')
code = code.split("Active:")[1].split(";")[0].lstrip()
if "active (running)" in code:
print "Service OK - ",code
sys.exit(0)
elif "inactive (dead)" or "failed" in code:
print "Service CRITICAL - ",code
sys.exit(2)

Re: check_by_ssh doesn't work with remote python script

Posted: Mon Apr 23, 2018 5:02 pm
by scottwilkerson
You will likely need the full path to systemctl in your plugin as well

Code: Select all

#!/usr/bin/python
import os, sys
import re
code=os.popen("/usr/bin/systemctl status httpd").read().replace('\n', '')
code = code.split("Active:")[1].split(";")[0].lstrip()
if "active (running)" in code:
print "Service OK - ",code
sys.exit(0)
elif "inactive (dead)" or "failed" in code:
print "Service CRITICAL - ",code
sys.exit(2)

Re: check_by_ssh doesn't work with remote python script

Posted: Tue May 29, 2018 1:01 pm
by yomiko
Resolved...

I have restricted shell setup. The python script runs "systemctl". After adding "systemctl" as an allowed
command to run in the restricted shell, check_by_ssh ran fine.

Thanks for the tips from everyone.

Re: check_by_ssh doesn't work with remote python script

Posted: Tue May 29, 2018 1:07 pm
by tmcdonald
Did you have further (related) questions or are we good to lock this up?