NRPE on Amazon Linux

Posted: Fri Mar 10, 2017 10:34 am
by cybergene
I'm trying to get this working and I'm getting this error
CHECK_NRPE: Error - Could not connect to xx.xx.xx.xxx: Connection reset by peer

on Nagios Web.

The command I run is /usr/local/nagios/libexec/check_uptime 100 300

It works well on the remote itself but it seems there is a connection error between the remote and Nagios Core.

I tried to resolve it as in this document https://assets.nagios.com/downloads/nag ... utions.pdf and I recompiled it with SSL enabled.

I'm running it without xinetd, and already modified the allowed_hosts, made port 5666 open and I can ping it too.

Any help is appreciated,


Thanks!

Re: NRPE on Amazon Linux

Posted: Fri Mar 10, 2017 3:15 pm
by mcapra
Can you share the full contents of the nrpe.cfg being leveraged on this machine? The full path should be presented by:

ps aux | grep nrpe.cfg

Re: NRPE on Amazon Linux

Posted: Mon Mar 13, 2017 10:13 am
by cybergene
Here,
nrpe 21816 0.0 0.0 41676 1456 ? Ss 14:31 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
ec2-user 22104 0.0 0.0 110404 884 pts/0 S+ 14:46 0:00 grep nrpe.cfg



I solved the issue by installing this:
yum install nagios-plugins-all nagios-plugins-nrpe nrpe

As the NRPE package for AWS EC2 Linux.

But I don't like this since it installs NRPE v 2.15 and I'm not sure how to update it to V 3.0 and beyond. It might start generating packet version errors between the remote host and Nagios core.

Do you know why the NRPE doesn't work on Amazon Linux as usual?

Re: NRPE on Amazon Linux

Posted: Mon Mar 13, 2017 3:50 pm
by mcapra
We don't have direct control over any particular repository's distribution of NRPE, which is to say that we don't have any control over whether or not those packages handle the NRPE v3 upgrade gracefully when they choose to update the package(s).

If you could tell me how you installed NRPE on this machine previously (specific guides, documentation, etc), I might be able to discern what caused the problems. However, since you've got things working using the package installation it'd be purely for informational purposes.

Re: NRPE on Amazon Linux

Posted: Tue Mar 14, 2017 7:18 am
by cybergene
These are the steps that I usually use to install NRPE on Linux, mind you; the one I'm having problems with is an Amazon Linux.


https://support.nagios.com/kb/article.php?id=92

Download the tarball and extract it in your /tmp directory:

cd /tmp
wget http://sourceforge.net/projects/nagios/ ... z/download
tar xfz download
cd nrpe*

Setup the nagios user:

useradd nagios
passwd nagios

Install NRPE pre-requisites:

yum install mod_ssl openssl-devel gcc make openssl perl

Configure and make NRPE. This will create the /usr/local/nagios directory, which is where NRPE will be located:

./configure
make all
make install

Make the NRPE config directory, and setup the example config file:

mkdir /usr/local/nagios/etc
cp sample-config/nrpe.cfg /usr/local/nagios/etc/nrpe.cfg
chown -R nagios:nagios /usr/local/nagios/etc

Open port 5666 in your firewall to allow your Nagios server through. The rule below limits access to a particular source IP:

iptables -A INPUT -s <nagiosserverip> -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
service iptables save

At this point, NRPE is ready to start:

/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d


##############################################
##############################################
Test:
I tried to upgrade through those steps: https://support.nagios.com/kb/article.php?id=515

and the result is:
/usr/local/nagios/libexec/check_nrpe -V

NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 3.0.1
Last Modified: 09-08-2016
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required


Now what worked with V 2.15 and the package installer fails:
No output on stdout) stderr: connect to address xx.xx.xx.xxx port 5666: Connection refused
connect to host xx.xx.xx.xxx port 5666: Connection refused


I'm not sure what is making it fail....

Re: NRPE on Amazon Linux

Posted: Tue Mar 14, 2017 3:37 pm
by mcapra
Can you share the service and command definitions from the Nagios Core machine being leveraged for your checks? As well as the nrpe.cfg from the remote machine?

Re: NRPE on Amazon Linux

Posted: Wed Mar 15, 2017 7:36 am
by cybergene
Here you go:

Service Definition:

define service{
        use                     generic-service
        host_name               remote_host
        service_description     Uptime
        check_command           check_nrpe!check_uptime
        contacts                contact_name
        }

No command definition, the check_nrpe will do the job.

nrpe.cfg file

log_facility=daemon
debug=0
pid_file=/usr/local/nagios/var/nrpe.pid
server_port=5666
#listen_queue_size=5
nrpe_user=nagios
nrpe_group=nagios

# ALLOWED HOST ADDRESSES
allowed_hosts=127.0.0.1,xx.x.x.x,xxx.xx.x.x

# COMMAND ARGUMENT PROCESSING
dont_blame_nrpe=1

# BASH COMMAND SUBTITUTION
allow_bash_command_substitution=0

# COMMAND PREFIX
# command_prefix=/usr/bin/sudo

# COMMAND TIMEOUT
command_timeout=60

# CONNECTION TIMEOUT
connection_timeout=300

# WEAK RANDOM SEED OPTION
#allow_weak_random_seed=1

# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.

# SSL VERSION
#ssl_version=SSLv2+

# SSL USE ADH
#ssl_use_adh=1

# SSL USE CLIENT CERTS
#ssl_client_certs=0
# SSL LOGGING
#ssl_logging=0x00

# INCLUDE CONFIG FILE

#include=<somefile.cfg>

# INCLUDE CONFIG DIRECTORY

# COMMAND DEFINITIONS
# The following examples use hardcoded command arguments...

command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
#command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200

###################################################
###### Currently used Command for NRPE ############
##################################################

#check_disk
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 25% -c 10% -p /home

#check_load Average
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20

# Check memory
command[check_mem1]=/usr/local/nagios/libexec/check_memory -f -w 20 -c 10

# Check cpu usage
command[check_cpu]=/usr/local/nagios/libexec/check_cpu.sh -w 75 -c 90

# Check uptime
command[check_uptime]=/usr/local/nagios/libexec/check_uptime 100 300
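
An added example, not part of the post above or of NRPE itself: a short Python audit of the directives in the posted nrpe.cfg that govern remote command arguments and client authentication. The sample is constructed from lines of that file; the function names and finding wording are this example's own, and the ssl_client_certs value meanings are those of the NRPE v3 sample configuration.

```python
import re

# Constructed sample: security-relevant directives taken from the nrpe.cfg posted above.
SAMPLE_CFG = """\
allowed_hosts=127.0.0.1,xx.x.x.x,xxx.xx.x.x
dont_blame_nrpe=1
allow_bash_command_substitution=0
#ssl_client_certs=0
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_uptime]=/usr/local/nagios/libexec/check_uptime 100 300
"""

ARG_MACRO = re.compile(r"\$ARG\d+\$")

def parse_nrpe_cfg(text):
    """Split active (uncommented) directives into settings and command[] entries."""
    settings, commands = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = re.fullmatch(r"command\[(.+)\]", key)
        if match:
            commands[match.group(1)] = value
        else:
            settings[key] = value
    return settings, commands

def audit(text):
    """Return findings about remote-argument handling and client authentication."""
    settings, commands = parse_nrpe_cfg(text)
    findings = []
    with_args = sorted(n for n, c in commands.items() if ARG_MACRO.search(c))
    if settings.get("dont_blame_nrpe") == "1":
        if with_args:
            findings.append("remote arguments reach: " + ", ".join(with_args))
        else:
            findings.append("dont_blame_nrpe=1 is unused; set it to 0")
        if settings.get("allow_bash_command_substitution") == "1":
            findings.append("bash command substitution allowed in remote arguments")
    # ssl_client_certs: 0 = not requested, 1 = requested, 2 = required
    if settings.get("ssl_client_certs", "0") != "2":
        findings.append("client certificates not required; access rests on allowed_hosts and the firewall")
    if not settings.get("allowed_hosts"):
        findings.append("allowed_hosts is not set")
    return findings
```

Every command in the posted file uses hardcoded arguments, so the audit reports dont_blame_nrpe=1 as enabled without being needed.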

Re: NRPE on Amazon Linux

Posted: Wed Mar 15, 2017 4:41 pm
by tgriep
Did the Amazon security settings to allow inbound traffic on port 5666 get reset somehow?

You may want to look at this article for NRPE - v3 Compatibility With Previous Versions

https://support.nagios.com/kb/article.php?id=516

Re: NRPE on Amazon Linux

Posted: Thu Mar 16, 2017 7:04 am
by cybergene
tgriep wrote: Did the Amazon security settings to allow inbound traffic on port 5666 get reset somehow?

You may want to look at this article for NRPE - v3 Compatibility With Previous Versions

https://support.nagios.com/kb/article.php?id=516

That is what I meant with the Packet error in the first post.

If I force NRPE to send V 2 packets, it will solve the issue until I upgrade.

No, Port 5666 is not reset. I can Ping the server and it is alive.
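
The thread shows two different failures on port 5666, "Connection reset by peer" and "Connection refused", and ping (ICMP) exercises neither. An added example, not from any poster or from Nagios: a Python probe that classifies a TCP connection attempt, demonstrated against two constructed loopback endpoints; the function names and result labels are this example's own.

```python
import socket, struct, threading

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to the given port."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"    # our SYN was answered with RST: no listener, or a REJECT rule
    except socket.timeout:
        return "filtered"   # SYN dropped silently, e.g. by a security group or DROP rule
    with conn:
        try:
            conn.sendall(b"\x00")   # one junk byte, not a valid NRPE packet
            data = conn.recv(1)
        except (ConnectionResetError, BrokenPipeError):
            return "reset"  # handshake completed, then the peer aborted the connection
        except socket.timeout:
            return "open"   # listener accepted and is still holding the socket
    return "answered" if data else "closed"   # closed = peer ended the connection cleanly

def _rst_server(listener):
    """Constructed peer: accept one connection, then abort it."""
    conn, _ = listener.accept()
    # SO_LINGER with a zero timeout makes close() send RST instead of FIN
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    conn.close()

def demo():
    """Run probe() against a listener that resets and a port with no listener."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=_rst_server, args=(listener,))
    worker.start()
    reset_result = probe("127.0.0.1", listener.getsockname()[1])
    worker.join()
    listener.close()
    unused = socket.socket()
    unused.bind(("127.0.0.1", 0))
    port = unused.getsockname()[1]
    unused.close()          # nothing listens on this port any more
    return reset_result, probe("127.0.0.1", port)
```

Run from the Nagios server against the remote host's port 5666, "refused" or "filtered" points at the listener or the firewall path, while "reset" or "closed" means the daemon was reached and then dropped the connection.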

Re: NRPE on Amazon Linux

Posted: Thu Mar 16, 2017 2:09 pm
by tgriep
If you are using the version 3.x of the check_nrpe plugin it should try using version 3 of the packet and switch over to version 2 if it cannot use 3.

On the remote server, can you run the following and post the output?

/usr/local/nagios/bin/nrpe
/usr/local/nagios/libexec/check_nrpe -V

Add this on the Nagios server

/usr/local/nagios/libexec/check_nrpe -V

Adjust the paths if necessary.