RHEL 6.3 & NRPE Issues

[eloyd]

And what happens when you add the -n? I know you probably already did this, but this is just to make sure:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H localhost -n

[00_kl250]

Ok.

So my sles boxes use nrpe 2.14 and i'm trying to install 2.15 on this machine.

I downloaded 2.14 and installed it on this redhat box, same install steps as 2.15.

when i run /usr/local/nagios/libexec/check_nrpe -H localhost


[root@TDMAURCMESERV32 home]# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.15

[root@TDMAURCMESERV32 home]# netstat -at | grep nrpe
tcp 0 0 *:nrpe *:* LISTEN
tcp 0 0 *:nrpe *:* LISTEN


So it looks be working correctly on the client side now. Why?

I went to the monitoring server, and I tried to connect to the machine:

[root@SVR-NAGIOS01 ~]# /usr/local/nagios/libexec/check_nrpe -H 10.126.160.26
CHECK_NRPE: Error - Could not complete SSL handshake.

[00_kl250]

When I add the -n

[root@TDMAURCMESERV32 home]# /usr/local/nagios/libexec/check_nrpe -H localhost -n
CHECK_NRPE: Error receiving data from daemon.


No -n

[root@TDMAURCMESERV32 home]# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.15

[eloyd]

Looks like your SSL setup may be messed up, but unless you're doing something weird, you shouldn't need to do NRPE checks on the local machine. Let's start by asking a new question:

Do you have enough information to make things work the way you want?

[00_kl250]

No.

When i do a check from the monitoring server to the client i get the following:

[root@SVR-NAGIOS01 ~]# /usr/local/nagios/libexec/check_nrpe -H 10.126.160.26
CHECK_NRPE: Error - Could not complete SSL handshake.


I'm guessing with this error i wont be able to monitor anything i want to off the client from the server.

[eloyd]

My apologies. I thought you said it was working when you added the "-n" but I went back and re-read your notes and now I see that it is not working.

Here is our /etc/xinetd.d/nrpe file. The internal IP address of our Nagios server is 10.1.1.120:

Code: Select all

# cat /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 10.1.1.120
}

Here is our /usr/local/nagios/etc/nrpe.cfg file, with comments stripped:

Code: Select all

log_facility=daemon
pid_file=/var/run/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=127.0.0.1
dont_blame_nrpe=1
debug=1
command_timeout=60
connection_timeout=300
include_dir=/usr/local/nagios/etc/nrpe

Here is the check_nrpe command definition from our Nagios host:

Code: Select all

define command{
        command_name    check_nrpe
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a "$ARG2$"
}

And here is a service check for one of our NRPE-based commands (using a hostgroup to determine which hosts to run it on):

Code: Select all

define service{
        use                     nrpe-service
        service_description     Root Partition
        hostgroups              private
        servicegroups           System,NRPE
        check_command           check_nrpe!check_disk!-w 20% -c 10% -p /
}

Everything works fine for us:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H 10.1.1.109
NRPE v2.14

So I would suggest you have a problem with NRPE on your Nagios server not working correctly, and I would suggest trying to figure out the SSL problems to get SSL handshaking to work correctly. Mostly, I suggest getting the latest NRPE code (http://exchange.nagios.org/directory/Ad ... or/details), running the configure, and checking the config.log file to see if there are any errors. Then continue compiling and installing from scratch to make sure it's compiled properly for the machine it will be running on. Do not copy from one machine to another.

[sreinhardt]

Do not copy from one machine to another

Very good point, unless these are exactly, and I do mean exactly, the same system. Another thing to check if we haven't already, your openssl versions should be relatively close, having a 0.98 and a 1.0.1+ version between your two systems could be causing similar issues as openssl had a ton of breaking changes between versions.

[millisa]

Back on page 4:

Sep 29 09:40:09 localhost nrpe[3414]: Host ::1 is not allowed to talk to us!

Isn't that saying the ipv6 loopback address that isn't being allowed to connect? That was not in the only_from allowance was it, only ipv4 127.0.0.1 and 192.168.0.29? (ipv6 support was added to nrpe in 2.15 if you do want the ::1 address to work)
The test causing it was

/usr/local/nagios/libexec/check_nrpe -n -H localhost

localhost is likely translating to the ipv6 version, ::1, not 127.0.0.1 on your system.

I think you guys probably had it fixed (or close to it) at the point the above log entry came up back on page 4, assuming you were wanting to monitor using ipv4. You were just getting caught by the localhost defined in your /etc/hosts file:

Code: Select all

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

That's in a centos6 default /etc/hosts (along with the localhost bit on 127.0.0.1).

Set your only_from back to 'only_from = 127.0.0.1 192.168.0.29', restart xinetd and then try explicitly using the ipv4 loopback:
/usr/local/nagios/libexec/check_nrpe -n -H 127.0.0.1

[00_kl250]

This may sound like a silly question, but if i wanted to remove the software and start fresh, how would I do that?

[eloyd]

If it's a virtual machine, and you took a snapshot prior to installing, revert back to the snapshot.

If it's not a virtual machine, then you can "find /usr/local/nagios -name \*nrpe\* -exec rm -Rf {} \;" and that will pretty much take care of it. Yes, it needs to be that weird:

Code: Select all

find /usr/local/nagios -name \*nrpe\* -exec rm -Rf {} \;