NRPE on Amazon Linux

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

NRPE on Amazon Linux

Post by cybergene »

I'm trying to get this working and I'm getting this error
CHECK_NRPE: Error - Could not connect to xx.xx.xx.xxx: Connection reset by peer

on Nagios Web.

The command I run is /usr/local/nagios/libexec/check_uptime 100 300

It works well on the remote itself but it seems there is a connection error between the remote and Nagios Core.

I tried to resolve it as in this document https://assets.nagios.com/downloads/nag ... utions.pdf and I recompiled it with enabling SSl.

I'm running it without xinetd, and already modified the allowed_hosts, made port 5666 open and I can ping it too.

Any help is appreciated,


Thanks!
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: NRPE on Amazon Linux

Post by mcapra »

Can you share the full contents of the nrpe.cfg being leveraged on this machine? The full path should be presented by:

Code: Select all

ps aux | grep nrpe.cfg
Former Nagios employee
https://www.mcapra.com/
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

Here,
nrpe 21816 0.0 0.0 41676 1456 ? Ss 14:31 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
ec2-user 22104 0.0 0.0 110404 884 pts/0 S+ 14:46 0:00 grep nrpe.cfg



I solved the issue by installing this:
yum install nagios-plugins-all nagios-plugins-nrpe nrpe

As the NRPE package for AWS EC2 Linux.

But I don't like this since it installs NRPE v 2.15 and I'm not sure how to update it to V 3.0 and beyond. It might start generating packet version errors between the remote host and Nagios core.

Do you know why the NRPE doesn't work on Amazon Linux as usual?
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: NRPE on Amazon Linux

Post by mcapra »

We don't have direct control over any particular repository's distribution of NRPE, which is to say that we don't have any control over whether or not those packages handle the NRPE v3 upgrade gracefully when they choose to update the package(s).

If you could tell me how you installed NRPE on this machine previously (specific guides, documentation, etc), I might be able to discern what caused the problems. However, since you've got things working using the package installation it'd be purely for informational purposes.
Former Nagios employee
https://www.mcapra.com/
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

These are the steps that I usually use to install NRPE on Linux, mind you; the one I'm having problems with is an Amazon Linux.


https://support.nagios.com/kb/article.php?id=92

Download the tarball and extract it in your /tmp directory:

cd /tmp
wget http://sourceforge.net/projects/nagios/ ... z/download
tar xfz download
cd nrpe*

Setup the nagios user:

useradd nagios
passwd nagios

Install NRPE pre-requisites:

yum install mod_ssl openssl-devel gcc make openssl perl
Configure and make NRPE. This will create the /usr/local/nagios directory, which is where NRPE will be located:

./configure
make all
make install

Make the NRPE config directory, and setup the example config file:

mkdir /usr/local/nagios/etc
cp sample-config/nrpe.cfg /usr/local/nagios/etc/nrpe.cfg
chown -R nagios:nagios /usr/local/nagios/etc

Open port 5666 in your firewall to allow your Nagios server through. The rule below limits access to a particular source IP:

iptables -A INPUT -s <nagiosserverip> -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
service iptables save

At this point, NRPE is ready to start:

/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d


##############################################
##############################################
Test:
I tried to upgrade through those steps: https://support.nagios.com/kb/article.php?id=515

and the result is:
/usr/local/nagios/libexec/check_nrpe -V

NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required


Now what worked with V 2.15 and the package installer fails:
No output on stdout) stderr: connect to address xx.xx.xx.xxx port 5666: Connection refused
connect to host xx.xx.xx.xxx port 5666: Connection refused


I'm not sure what is making it to fail....
Attachments
InkedScreenshot_32_LI.jpg
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: NRPE on Amazon Linux

Post by mcapra »

Can you share the service and command definitions from the Nagios Core machine being leveraged for your checks? As well as the nrpe.cfg from the remote machine?
Former Nagios employee
https://www.mcapra.com/
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

Here you go:

Service Definition:

Code: Select all

define service{
        use                     generic-service
        host_name               remote_host
        service_description     Uptime
        check_command           check_nrpe!check_uptime
        contacts                contact_name
        }
No command definition, the check_nrpe will do the job.

nrpe.cfg file

Code: Select all

log_facility=daemon
debug=0
pid_file=/usr/local/nagios/var/nrpe.pid
server_port=5666
#listen_queue_size=5
nrpe_user=nagios
nrpe_group=nagios

# ALLOWED HOST ADDRESSES
allowed_hosts=127.0.0.1,xx.x.x.x,xxx.xx.x.x

# COMMAND ARGUMENT PROCESSING
dont_blame_nrpe=1

# BASH COMMAND SUBTITUTION
allow_bash_command_substitution=0

# COMMAND PREFIX
# command_prefix=/usr/bin/sudo

# COMMAND TIMEOUT
command_timeout=60

# CONNECTION TIMEOUT
connection_timeout=300

# WEAK RANDOM SEED OPTION
#allow_weak_random_seed=1

# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.

# SSL VERSION
#ssl_version=SSLv2+

# SSL USE ADH
#ssl_use_adh=1

# SSL USE CLIENT CERTS
#ssl_client_certs=0
# SSL LOGGING
#ssl_logging=0x00

# INCLUDE CONFIG FILE

#include=<somefile.cfg>

# INCLUDE CONFIG DIRECTORY

# COMMAND DEFINITIONS
# The following examples use hardcoded command arguments...

command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
#command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200

###################################################
###### Currently used Command for NRPE ############
##################################################

#check_disk
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 25% -c 10% -p /home

#check_load Average
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20

# Check memory
command[check_mem1]=/usr/local/nagios/libexec/check_memory -f -w 20 -c 10

# Check cpu usage
command[check_cpu]=/usr/local/nagios/libexec/check_cpu.sh -w 75 -c 90

# Check uptime
command[check_uptime]=/usr/local/nagios/libexec/check_uptime 100 300
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE on Amazon Linux

Post by tgriep »

Did the Amazon security settings to allow inbound traffic on port 5666 get reset somehow?

You may want to look at this article for NRPE - v3 Compatibility With Previous Versions

Code: Select all

https://support.nagios.com/kb/article.php?id=516
Be sure to check out our Knowledgebase for helpful articles and solutions!
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

tgriep wrote:Did the Amazon security settings to allow inbound traffic on port 5666 get reset somehow?

You may want to look at this article for NRPE - v3 Compatibility With Previous Versions

Code: Select all

https://support.nagios.com/kb/article.php?id=516
That is what I meant with the Packet error in the first post.

If I force NRPE to send V 2 packets, it will solve the issue until I upgrade.

No, Port 5666 is not reset. I can Ping the server and it is alive.
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE on Amazon Linux

Post by tgriep »

If you are using the version 3.x of the check_nrpe plugin it should try using version 3 of the packet and switch over to version 2 if it cannot use 3.

In the remote server, can you run the following and post the output

Code: Select all

/usr/local/nagios/bin/nrpe
/usr/local/nagios/libexec/check_nrpe -V
Add this on the Nagios server

Code: Select all

/usr/local/nagios/libexec/check_nrpe -V
Adjust the paths if necessary.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Locked