CHECK_NRPE Error with SSL handshake

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.

Post by xlin125 »

We encountered a problem where the Nagios NRPE agent codes compiled on a Redhat 6.5 node failed to work on a Redhat 6.2 node or Redhat 6.4 node due to the different openssl/openssl-devel versions installed. For example, we have openssl-1.0.1e-16.el6_5.15.x86_64 and openssl-devel-1.0.1e-16.el6_5.15.x86_64 installed on a Redhat 6.5 node and we compiled NRPE v2.15 on it. When we copied the codes to a Redhat 6.2 node that has openssl-devel-1.0.0-20.el6.x86_64 and openssl-1.0.0-20.el6.x86_64 installed, we received a "CHECK_NRPE: Error - Could not complete SSL handshake" message when running check_nrpe locally or remotely on the Nagios XI server that is allowed to access this Nagios NRPE managed node. It is believed this error was due to the different versions of openssl and openssl-devel that are installed on the Nagios NRPE managed node, compared with the openssl and openssl-devel used for compiling the codes on the Redhat 6.5 node. So we had to compile the Nagios NRPE v2.15 codes on the Redhat 6.2 node to make it work. So this brings up two questions:
1) We may have to compile the Nagios NRPE agent codes on different Redhat 6.x releases, depending on the versions of openssl and openssl-devel on the Redhat 6.x nodes. So we may not be able to use the same compiled codes for other Redhat 6.x releases.
2) Even if the Nagios NRPE agent codes are working fine on a Redhat 6.x node, once openssl and openssl-devel are upgraded to a newer version, it may probably break the current Nagios NRPE agent codes on this node, and then we would have to recompile the Nagios NRPE agent codes with the newer version of openssl and openssl-devel.

What is a solution or suggestion to deal with this issue? We have Nagios XI 2014R2.7 and Nagios NRPE v2.15.

Thanks!

Post by hsmith »

Can I get some clarification on the scope of what you're trying to accomplish here?

Are you just trying to make it so you can copy the binary from machine to machine instead of compiling it on each machine?

xlin125 wrote: we received an "CHECK_NRPE: Error - Could not complete SSL handshake" message when running check_nrpe locally or remotely on the Nagios XI server that is allowed to access this Nagios NRPE managed node

You're copying the configuration files over too, I assume?

To me it seems like you're making more work for yourself than necessary.. the steps to install and compile NRPE are pretty minimal.

Code:

cd /tmp
wget https://assets.nagios.com/downloads/nagiosxi/agents/linux-nrpe-agent.tar.gz
tar xzf linux-nrpe-agent.tar.gz
cd linux-nrpe-agent
./fullinstall

This wouldn't be very hard to script; the fullinstall script does ask you for some manual input, but I'm sure you could modify that to meet your needs.
Former Nagios Employee.
me.

Post by xlin125 »

Yes, manually installing the Nagios NRPE agent on a machine is easy, but we are asked to package the Nagios NRPE agent software so that we can install it on production machines that normally do not have Internet access, and the gcc compiler is not allowed on these machines. So, the normal way, as documented in the installation guide, to install an NRPE agent does not meet our needs.

When we take the compiled NRPE agent codes under /usr/local/nagios as well as other configuration files, we can build an NRPE agent package. That way, we can install it on a machine without going through the compiling again, and it only takes less than 10 seconds to install it. When we deal with the NRPE agent installation on a large number of machines using this package, that gives us a huge benefit, particularly for the production machines. The concern with doing this is that the Linux upgrade may break the NRPE agent. This post just points out a potential problem that affects check_nrpe by different openssl/openssl-devel version or upgrade. The subject of this post may not reflect what I really wanted to ask.

Thanks!
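
The packaging concern described in the post above, as an added example that is not part of the original thread or of the NRPE distribution: a guard that records which OpenSSL package the agent was built against and refuses to install the prebuilt package on a host whose OpenSSL version differs. The function names and the manifest file are hypothetical, and treating any difference in upstream version as a mismatch is an assumed conservative policy based on the poster's observation, not a documented compatibility rule.

```shell
#!/bin/sh
# Added example (not from the thread): guard for a prebuilt NRPE package.
# Assumed policy: install only when the target's upstream OpenSSL version
# equals the one recorded on the build host.

# Print the upstream version (e.g. 1.0.1e) from an RPM name-version-release
# string as printed by `rpm -q openssl`. Status 2 if it is not an openssl package.
openssl_upstream_version() {
    case $1 in
        openssl-devel-*) rest=${1#openssl-devel-} ;;
        openssl-[0-9]*)  rest=${1#openssl-} ;;
        *) return 2 ;;
    esac
    printf '%s\n' "${rest%%-*}"
}

# Build host: record what the agent was compiled against.
# $1 = manifest path (hypothetical file shipped in the package),
# $2 = package string (default: ask rpm).
record_build_openssl() {
    nvra=${2:-$(rpm -q openssl)}
    openssl_upstream_version "$nvra" >/dev/null || return 2
    printf '%s\n' "$nvra" > "$1"
}

# Target host: 0 = versions match, 1 = mismatch, 2 = unreadable input.
# $1 = manifest path, $2 = target package string (default: ask rpm).
preinstall_guard() {
    [ -r "$1" ] || return 2
    built=$(openssl_upstream_version "$(head -n 1 "$1")") || return 2
    target=$(openssl_upstream_version "${2:-$(rpm -q openssl)}") || return 2
    [ "$built" = "$target" ] && return 0
    echo "NRPE built against OpenSSL $built but host has $target;" \
         "use a build made on this release" >&2
    return 1
}

# Constructed demo with the two package versions quoted in the thread.
demo_manifest=$(mktemp)
record_build_openssl "$demo_manifest" "openssl-1.0.1e-16.el6_5.15.x86_64"
preinstall_guard "$demo_manifest" "openssl-1.0.0-20.el6.x86_64" \
    || echo "prebuilt agent not installed on this host"
rm -f "$demo_manifest"
```

Calling `preinstall_guard` from the package's pre-install step, with one package build per Redhat 6.x release, turns a later handshake failure into an immediate install-time refusal.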

Post by Nagios Support »

We will need to discuss this with our developers and will get back to you within the next 24 hours. Thank you!

Post by jdalrymple »

This is kind of outside of our scope, but I did a quick google and came up with this patch that allows you to statically link openssl:

http://permalink.gmane.org/gmane.networ ... devel/4882

That's not going to solve all of your problems though. You'll have a lot of similar issues with plugins.