Automate Linux NRPE installation

[jkinning]

I have 160+ Linux hosts in which I need to monitor with Nagios XI. What is the best and easiest method for deploying the NRPE agent? I have encountered a few issue with the SUSE NRPE client installation but have some modifications in which I have made. When I attempt to run and deploy the the script it stops at the point where it asks for the Nagios host IP address to allow the nrpe connection to. Anyone have any thoughts on how to overcome this and automatically add the value? Or is there a way to bypass this and then just deploy the /etc/xinetd.d/nrpe file which has those IP address values entered. I am trying to avoid having to manually install this NRPE agent on 160+ machines.

[ssax]

You could modify subcomponents/install and change line 39 from:

Code: Select all

read -p "Allow from:  " ALLOW_INPUT

To:

Code: Select all

ALLOW_INPUT="127.0.0.1 IPADDRESS IPADDRESS"

[abrist]

If you are using the agent install from XI, you can alter the xinetd subcomponents script:

Code: Select all

linux-nrpe-agent/subcomponents/install

Edit line #39. Change:

Code: Select all

read -p "Allow from:  " ALLOW_INPUT

To:

Code: Select all

#read -p "Allow from:  " ALLOW_INPUT
ALLOW_INPUT="127.0.0.1 <nagios server ip>"

Now the install should just populate the xinetd nrpe config with the ips in the ALLOW_INPUT var instead of asking for input.

[mp4783]

We built RPMs for each platform. I created a script that "sets up" the environment and then fires off rpmbuild. You will need a prototype server (a server with the agent already set up) to do this.

Once the RPM is built, you can install it with standard tools. However, to allow for greater flexibility, I incorporated the use of environment variables to allow optional control over some installation parameters, most notably which Nagios XI servers are allowed to contact the agent. Be sure to include creation of the nagios user and group in the RPM.

Your RPM spec file then needs to reference an environment variable (or it could just read a file) that contains the list of the Nagios XI hosts. In the "%post" section, after all the files are in place, you need to substitute in those Nagios XI servers. Here is an example of how I did this:

Code: Select all

cat /etc/xinetd.d/nrpe | sed "s/\(.*only_from.*=\)\(.*\)/\1 localhost $NAGIOS_XI_SERVERS/g" > /tmp/nrpe
cp /tmp/nrpe /etc/xinetd.d/nrpe
rm -f /tmp/nrpe 2>/dev/null

After the RPM is built, create a small wrapper script that exports the list of Nagios XI hosts to the environment (e.g. export NAGIOS_XI_SERVERS="nagiosxi_1.domain.com nagiosxi_2.domain.com"). Then copy the wrapper and RPM to the host and execute the wrapper script. It will only take a few seconds and it should be working.

Alternately, you can try something that I did which seemed to work just fine. Created a tar.gz archive of all the files required to run your NRPE agent. Typically, this would require you to archive the following:

/usr/local/nagios
/usr/local/nrdp
/etc/xinetd.d/nrpe
/etc/xinetd.d/nsca

You might be able to drop the nrdp and nsca stuff, but it was part of our installation. This will not register the agent with your package manager, but it should work.

[jolson]

Please see the above responses and get back to us with your progress. Thanks very much!

[jkinning]

Well the RPM method was a bit more than I could do. I am not usually building RPMs but when I do I leverage rpmwand which in this case didn't work out too well. So, I have created a script that download the nrpe agent and then renames the key files and wgets files from a webserver. These files are modified so they don't require the [Y/n} prompt and adds the nrpe allow server addresses. I finally got everything squared away but now my Nagios XI server cannot communicate with the client. I am getting CHECK_NRPE: Error - Could not complete SSL handshake message. Everything looks fine and I noticed I need to change the firewall file so it doesn't start or restart the firewall. In this case and many like it I don't run the firewall so can I just exclude that file or what do I need to modify so it leaves the firewall alone if off?

Maybe a little more dev work needs to go into SUSE NRPE installs for those leveraging SUSE Manager. I am assuming the Red Hat or CentOS installs would be similar if leveraging Spacewalk but can't test. Windows installs went well, Linux I am struggling for SUSE, SLES 11sp3.

I also just noticed that nrpe is listening twice???
netstat -at | grep nrpe
tcp 0 0 *:nrpe *:* LISTEN
tcp 0 0 *:nrpe *:* LISTEN

[lmiltchev]

Are you running NRPE under xinetd or as a "standalone" daemon? Can you run the following command and show us the output?

Code: Select all

ps axuw | grep nrpe

The "CHECK_NRPE: Error - Could not complete SSL handshake" error is usually caused by the fact that Nagios server's IP hasn't been added to "/etc/xinetd.d/nrpe" (only_from = ...) or "/usr/local/nagios/etc/nrpe.cfg" (allowed_hosts= ...). It is also possible that NRPE was not compiled with SSL enabled.

http://assets.nagios.com/downloads/nagi ... utions.pdf

I am not sure what are the errors that you ran into on SUSE, but I suspect you cannot use one installer for "all" as the following command:

Code: Select all

usermod -a -G nagcmd nagios

doesn't work on all SUSE variants and you would need to probably use this command instead:

Code: Select all

usermod -A nagcmd nagios

[jkinning]

I killed all the process I saw by PID and then ran /etc/xinetd.d/nrpe restart. That appears to allow me to connect.

I am just trying to deploy this agent to over 150 hosts without having to touch ALL 150 hosts. Simple for some but for me, not very knowledgeable with Nagios, it is becoming a royal pain.

[lmiltchev]

I killed all the process I saw by PID and then ran /etc/xinetd.d/nrpe restart. That appears to allow me to connect.

Great! Can we lock this thread and mark it as "resolved"?

[jkinning]

Sure, since it appears the installer for SLES will never get any attention.