NRPE on Amazon Linux

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

I get this:

Code: Select all

Starting up daemon
Apr  3 nrpe[22127]: There's already an NRPE server running (PID 22019).  Bailing out...
Apr  3 nrpe[22130]: Host 127.0.0.1 is not allowed to talk to us!
Apr  3 check_nrpe: Error: Could not complete SSL handshake with 127.0.0.1: rc=-1 SSL-error=5
I added localhost to nrpe.conf but the error still shows.
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE on Amazon Linux

Post by tgriep »

Is there a process running at PID 22019?
When the agent was started, it seems to think that NRPE was already running.
Be sure to check out our Knowledgebase for helpful articles and solutions!
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: NRPE on Amazon Linux

Post by rkennedy »

What user are you running all of these commands as? With NRPE barking about it running already I tend to believe it. If you're using a regular account with non-root privs this could be affecting it.

I'd consult whomever manages your linux systems to see if they can track it down.
Former Nagios Employee
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

There is :

Code: Select all

nagios   22019  0.0  0.0  39628  1472 ?        Ss   Apr03   0:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Here:

Code: Select all

ps -ef |grep nrpe
ec2-user 13729 13629  0 12:59 pts/0    00:00:00 grep nrpe
nagios   22019     1  0 Apr03 ?        00:00:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Tried this command:

Code: Select all

./check_nrpe -H localhost -c check_load
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE on Amazon Linux

Post by tgriep »

A couple of problems bound be causing the Connection Reset by peer messahe.
If the NRPE agent wasn't compiled with SSL, it could cause it. To test that our, try running this command if it works, then SSL was not compiled in to the agent.

Code: Select all

./check_nrpe -H localhost -c check_load -n
Also, try running these variations of the command and see if they work.

Code: Select all

./check_nrpe -H 127.0.0.1 -c check_load
./check_nrpe -H 127.0.0.1 -c check_load -4

If the nrpe.cfg file is not setup to allow the localhost address, that could cause it as well. Take a look at this file and verify that the 127.0.0.1 address is in the Allowed Hosts option.
If you need help, post the file here.

Code: Select all

/usr/local/nagios/etc/nrpe.cfg
If you do any changes to the nrpe.cfg file, you will have to stop and start the daemon.
Be sure to check out our Knowledgebase for helpful articles and solutions!
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

This command doesn't work, then SSL WAS compiled in to the agent.

Code: Select all

[ec2-user@ip-10-95-33-53 libexec]$ ./check_nrpe -H localhost -c check_load -n
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).
[ec2-user@ip-10-95-33-53 libexec]$ ./check_nrpe -H 127.0.0.1 -c check_load -n
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).
[ec2-user@ip-10-95-33-53 libexec]$ ./check_nrpe -H 127.0.0.1 -c check_load -4
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
[ec2-user@ip-10-95-33-53 libexec]$ ./check_nrpe -H localhost -c check_load -4
CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer

The /usr/local/nagios/etc/nrpe.cfg file contains:

Code: Select all

allowed_hosts=127.0.0.1, ip,another ip
Other IPs to allow Nagios Core and agents to communicate over the network.
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE on Amazon Linux

Post by tgriep »

What steps did you do to compile in SSL to the NRPE Agent?
Did you rebuild the agent and the check_nrpe command and use them both during the testing?

Can you run the following commands on the Amazon server and post the output?

Code: Select all

/usr/local/nagios/bin/nrpe
/usr/local/nagios/libexec/check_nrpe -V
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_load
ps -ef |grep nrpe
Also, post this file as well.

Code: Select all

/usr/local/nagios/etc/nrpe.cfg
Be sure to check out our Knowledgebase for helpful articles and solutions!
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

Steps from here:https://support.nagios.com/kb/article.p ... ategory=22

Yes, I rebuild it again.

/usr/local/nagios/bin/nrpe :

Code: Select all

te Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available, OpenSSL 0.9.6 or higher required

***************************************************************
** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **
**      Read the NRPE SECURITY file for more information     **
***************************************************************

***************************************************************
** POSSIBLE SECURITY RISK - TCP WRAPPERS ARE NOT AVAILABLE!  **
**      Read the NRPE SECURITY file for more information     **
***************************************************************

Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>

Options:
 -n               = Do not use SSL
 -c <config_file> = Name of config file to use
 -4               = use ipv4 only
 -6               = use ipv6 only
 <mode>           = One of the following operating modes:
   -i             =    Run as a service under inetd or xinetd
   -d             =    Run as a standalone daemon
   -d -s          =    Run as a subsystem under AIX
   -f             =    Don't fork() for systemd, launchd, etc.

Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios.  It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.
/usr/local/nagios/libexec/check_nrpe -V

Code: Select all

NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1

Code: Select all

CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer
/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_load

Code: Select all

CHECK_NRPE: Error - Could not connect to 127.0.0.1: Connection reset by peer

ps -ef |grep nrpe

Code: Select all

ps -ef |grep nrpe
ec2-user 19170 13629  0 18:09 pts/0    00:00:00 grep nrpe
nagios   22019     1  0 Apr03 ?        00:00:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE on Amazon Linux

Post by tgriep »

Lets stop and start the NRPE agent on the server by running the following as root

Code: Select all

kill 22019
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Then run this to test the Agent

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
If it fails, please post this file

Code: Select all

/usr/local/nagios/etc/nrpe.cfg 
Be sure to check out our Knowledgebase for helpful articles and solutions!
cybergene
Posts: 92
Joined: Wed Aug 10, 2016 7:38 am
Location: Ottawa, Ontario, Canada

Re: NRPE on Amazon Linux

Post by cybergene »

It failed:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
connect to address 127.0.0.1 port 5666: Connection refused
connect to host 127.0.0.1 port 5666: Connection refused
See attached.
Attachments
nrpe.cfg
(10.14 KiB) Downloaded 414 times
Locked