Issue box293 ESXI plugin and vMA Appliance

[coopstudent]

I followed the instructions from box293 on deploying and configuring a VMA appliance.

I've been able to get the password-less SSH configured and and test the plugin from command line on one ESXI host. Everything works without any issues, but the issue is when I try to configure the wizard;

On the Admin --> Manage Components --> Edit Setting for VMware vMA Settings Manager

I've configured the VMA server, but when I select TEST for the SSH Configuration I get the following:

There was an issue establishing an SSH session with the vMA host 192.168.0.xx!
The output is as follows:
Could not create directory '/usr/share/httpd/.ssh'.
Host key verification failed.
Please refer to the box293_check_vmware manual on how to configure this Nagios host to communicate with the vMA host.

[ssax]

When testing the plugin from the command line did you "su - nagios" before testing or were you only testing as root?

[Box293]

Did you follow these steps as required by the vMA Settings Manager component:

Code: Select all

mkdir /var/www/.ssh
cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
setfacl -R -m u:apache:r-x /var/www/.ssh/

In the steps below,
10.XXX.XXX.XXX = vMA host
10.ZZZ.ZZZ.ZZZ = ESX server

Try these commands and post back the results please:
The following commands will be done as the nagios user

Code: Select all

su nagios

Does this command prompt you for credentials?

Code: Select all

ssh [email protected]

If you do login or are not prompted for credentials, type exit so end the SSH session and return to the nagios host.

Does this command prompt you for credentials, what is the output?

Code: Select all

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'

We'll stop being the nagios user now, type exit

The following commands will be done as the apache user:

Code: Select all

su -s /bin/sh apache

Does this command prompt you for credentials?

Code: Select all

ssh [email protected]

If you do login or are not prompted for credentials, type exit so end the SSH session and return to the nagios host.

Does this command prompt you for credentials, what is the output?

Code: Select all

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'

Also, provide the output from these commands:

Code: Select all

ls -al /var/www/

ls -al /var/www/.ssh/

Do these commands produce output? Don't post the output here.

Code: Select all

cat /var/www/.ssh/id_dsa

cat /var/www/.ssh/known_hosts

We'll stop being the apache user now, type exit

Also, what version of check_by_ssh do you have?

Code: Select all

/usr/local/nagios/libexec/check_by_ssh -V

[coopstudent]

Thanks for looking into it. here are the results of all commands..

# below command did not prompt for credentials
[root@nagiosxi ~]# su nagios
[nagios@nagiosxi root]$

# below command did not prompt for credentials
[nagios@nagiosxi root]$ ssh [email protected]

Welcome to SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) - Kernel \r (\l).
vi-admin@vma:~>

vi-admin@vma:~> exit
logout
Connection to 10.xxx.xxx.xxx closed.

# below command did not prompt for credentials
[nagios@nagiosxi root]$ /usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.xxx.xxx.xxx -C '~/box293_check_vmware.pl --server 10.zzz.zzz.zzz --version'

box293_check_vmware Version: 2015-08-03
[nagios@nagiosxi root]$

# below command did produce output
[nagios@nagiosxi root]$ ls -al /var/www/

# below command did NOT produce output
[nagios@nagiosxi root]$ ls -al /var/www/.ssh
ls: cannot access /var/www/.ssh: No such file or directory
[nagios@nagiosxi root]$

# below command did NOT produce output
[nagios@nagiosxi root]$ cat /var/www/.ssh/id_dsa
cat: /var/www/.ssh/id_dsa: No such file or directory
[nagios@nagiosxi root]$

# below command did NOT produce output
[nagios@nagiosxi root]$ cat /var/www/.ssh/id_dsa/known_hosts
cat: /var/www/.ssh/id_dsa/known_hosts: No such file or directory
[nagios@nagiosxi root]$

# Below is the result for check_by_ssh version check
[nagios@nagiosxi root]$ /usr/local/nagios/libexec/check_by_ssh -V
check_by_ssh v1.5 (nagios-plugins 1.5)
[nagios@nagiosxi root]$

[rkennedy]

It looks like these steps were missed as @Box293 mentioned -

Code: Select all

mkdir /var/www/.ssh
cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
setfacl -R -m u:apache:r-x /var/www/.ssh/

Please run through this, and let us know the result.

[coopstudent]

Just completed steps as required by the vMA Settings Manager component

mkdir /var/www/.ssh
cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
setfacl -R -m u:apache:r-x /var/www/.ssh/

# below command did produce output
[root@nagiosxi ~]# ls -al /var/www/
total 8
drwxr-xr-x. 6 root root 53 Feb 9 16:11 .
drwxr-xr-x. 23 root root 4096 Feb 9 09:07 ..
drwxr-xr-x. 2 root root 6 Nov 19 16:43 cgi-bin
drwxr-xr-x. 3 root root 37 Feb 4 22:02 html
drwxr-xr-x. 2 root root 4096 Feb 4 21:54 mrtg
drwxr-xr-x+ 2 root root 37 Feb 9 16:11 .ssh

# below command did produce output
[root@nagiosxi ~]# ls -al /var/www/.ssh/
total 8
drwxr-xr-x+ 2 root root 37 Feb 9 16:11 .
drwxr-xr-x. 6 root root 53 Feb 9 16:11 ..
-rw-r-x---+ 1 root root 668 Feb 9 16:11 id_dsa
-rw-r-xr--+ 1 root root 174 Feb 9 16:11 known_hosts

# below command did produce output
cat /var/www/.ssh/id_dsa

# below command did produce output
cat /var/www/.ssh/known_hosts

I still have the same issue

[Box293]

Just completed steps as required by the vMA Settings Manager component

mkdir /var/www/.ssh
cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
setfacl -R -m u:apache:r-x /var/www/.ssh/

# below command did produce output
[root@nagiosxi ~]# ls -al /var/www/
total 8
drwxr-xr-x. 6 root root 53 Feb 9 16:11 .
drwxr-xr-x. 23 root root 4096 Feb 9 09:07 ..
drwxr-xr-x. 2 root root 6 Nov 19 16:43 cgi-bin
drwxr-xr-x. 3 root root 37 Feb 4 22:02 html
drwxr-xr-x. 2 root root 4096 Feb 4 21:54 mrtg
drwxr-xr-x+ 2 root root 37 Feb 9 16:11 .ssh

# below command did produce output
[root@nagiosxi ~]# ls -al /var/www/.ssh/
total 8
drwxr-xr-x+ 2 root root 37 Feb 9 16:11 .
drwxr-xr-x. 6 root root 53 Feb 9 16:11 ..
-rw-r-x---+ 1 root root 668 Feb 9 16:11 id_dsa
-rw-r-xr--+ 1 root root 174 Feb 9 16:11 known_hosts

# below command did produce output
cat /var/www/.ssh/id_dsa

# below command did produce output
cat /var/www/.ssh/known_hosts

I still have the same issue

Now that you have made those changes, lets test as the apache user:

Code: Select all

su -s /bin/sh apache

Does this command prompt you for credentials?

Code: Select all

ssh [email protected]

If you do login or are not prompted for credentials, type exit so end the SSH session and return to the nagios host.

Does this command prompt you for credentials, what is the output?

Code: Select all

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'

[coopstudent]

# below command did prompt for credentials
[nagios@nagiosxi root]$ su -s /bin/sh apache
Password: ^C

#below command did NOT prompt for credentials
[nagios@nagiosxi root]$ ssh [email protected]
vi-admin@vma:~> exit

# below command did NOT prompt for credencials and did produced output
nagios@nagiosxi root]$ /usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.xxx.xxx.xxx -C '~/box293_check_vmware.pl --server 10.zzz.zzz.zzz --version'

box293_check_vmware Version: 2015-08-03

[nagios@nagiosxi root]$

[Box293]

# below command did prompt for credentials
[nagios@nagiosxi root]$ su -s /bin/sh apache
Password: ^C

So we need to be able to test this as the apache user as this is the user account that the vMA settings manager runs as.

If you are being prompted for a password for the apache user, then you will need to type it in so you can execute the next commands as the apache user.

On my XI box I do not get prompted.

Code: Select all

[root@xitest ~]# su -s /bin/sh apache
sh-4.1$ 

[coopstudent]

In my previous reply, I tried the command as nagios user. Now I tried as root

# below command did NOT prompt for credentials
[root@nagiosxi ~]# su -s /bin/sh apache
sh-4.2$