box293_check_vmware:The vMA host x is NOT in the known_hosts

[paulo.nogueira]

Hi.
I'm setting up our Nagios XI to monitor our VCenter 6.0.0 using box293_check_vmware.
I'm following Troy Lea aka Box293's instructions and everything worked smoothly. However when I'm defining vMA Hosts in the VMware vMA Settings Manager, and by test a vMA Host ssh configuration i'm getting the bellow error message:
"The vMA host x is NOT in the known_hosts file."

Can someone kindly help me out on this?

Following the resolution on this forun's topic "box293_check_vmware configuration problem" @https://support.nagios.com/forum/viewto ... 14&start=0 I here by post back the results of some (I think) usefull commands:

(for our reference)
X: ip address of the vma host
Y: ip address of the VCenter
Z: ip address on Nagios Server

The following commands will be done as the nagios user on the Nagios server:
1.

Code: Select all

>su nagios
>ssh vi-admin@X (vma host)

(This command did not prompt me for credentials)

Code: Select all

>exit (ended the SSH session and return to the nagios host)

2.
output of the command:

Code: Select all

>/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H X -C '~/box293_check_vmware.pl --server Y --version')
box293_check_vmware Version: 2016-10-02

(this command was done on nagios with nagios user and it did not prompt me for credentials)

3.
Stop being the nagios user and ran the following commands as the apache user:

Code: Select all

>su -s /bin/sh apache
>ssh vi-admin@X

Result:

sh-4.1$ ssh vi-admin@X
The authenticity of host 'X (X)' can't be established.
RSA key fingerprint is 91:09:e4:b6:ed:76:cc:0d:89:09:4b:8b:5cc8:5d.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/www/.ssh/known_hosts).

Welcome to SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) - Kernel \r (\l).

Last login: Thu Nov 3 16:40:40 UTC 2016 from Z on ssh
Last login: Thu Nov 3 16:44:51 2016 from Z
Welcome to vMA

(This command did not prompt me for credentials)

4.
Exited and returned to the Nagios host. Output of the command:

Code: Select all

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H X -C '~/box293_check_vmware.pl --server Y --version'
box293_check_vmware Version: 2016-10-02

(This command prompt me for credentials)

5.
Output of:

Code: Select all

ls -al /var/www/

total 32
drwxr-xr-x 8 root root 4096 Nov 3 15:00 .
drwxr-xr-x. 18 root root 4096 Dec 8 2015 ..
drwxr-xr-x 2 root root 4096 Aug 24 2015 cgi-bin
drwxr-xr-x 3 root root 4096 Dec 8 2015 error
drwxr-xr-x 3 root root 4096 Dec 8 2015 html
drwxr-xr-x 3 root root 4096 Feb 20 2016 icons
drwxr-xr-x 2 root root 4096 Dec 8 2015 mrtg
drwxr-xr-x+ 2 root root 4096 Nov 3 15:02 .ssh

6.
Output of:

ls -al /var/www/.ssh/

drwxr-xr-x+ 2 root root 4096 Nov 3 15:02 .
drwxr-xr-x 8 root root 4096 Nov 3 15:00 ..
-rw-r-x---+ 1 root root 668 Nov 3 15:02 id_dsa

7.
Output of: cat /var/www/.ssh/id_dsa

-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQCeWTMHbHMutyjigYQaiWfS4ilLhGsHGyRCQQFKxv1s
ma9YJKJ9IeN4lXScXlF3ZFB2PzkY8IOFRCavdw0NvyDWwHFWlbpFWIjf
v9Fh/mhroifqJ8GhGqfg8pxj/dvg7ICcQS9HrfkvdctjerGv8Z9dzx7N
OdQtWINGOxphF/ulkvj4/m8BAoGAJNbjzOvLvQbRPJgKkYLpx9vnzrpI
LX+wYSnjUeSoG2KNWnxiKRZoFw4z59y4miBW1h/kXhVg/J/lbny02IbK
EhT2um0RgBcPUcmgXjrJ6ORiGainpAciylWqjjgoEByfVNqX6Awn4TxS
ZS1rtqACgYAapRcA+QPBUtEx/8MU6zTAl8XBGWPMXvrJl0bUhVXi6i0P
c40ggP/Q3j8/2zBeO1RhqiIXL2n8hS3WVFzrZjRtX/x1YkWYPHYQKYUw
Vx2FLeRnF0fl4fyKUGsOKAernxEjFd+fO33AMIXHfcJMpzV89abBswIV
2b+lhxUI/fHbIQTSPg7+
-----END DSA PRIVATE KEY-----

8.
Output of: cat /var/www/.ssh/known_hosts

cat: /var/www/.ssh/known_hosts: No such file or directory

9.
Output of: /usr/local/nagios/libexec/check_by_ssh -V

check_by_ssh v1.5 (nagios-plugins 1.5)

Can someone help me on this?
Thanks.

Paulo.

[tgriep]

The link below are the instructions for installing and configuring the VMware Virtualization Wizard on the XI system.
https://exchange.nagios.org/components/ ... 3&cf_id=29
Page 2 has the instructions for creating the required folders in the /var/www folder and also for copying the known_hosts and the id_dsa file to the correct folder.
Login as root to the XI server and run the following commands.

Code: Select all

cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
setfacl -R -m u:apache:r-x /var/www/.ssh/

This will copy over ssh files that work for the nagios user to the folder that the wizard needs to run as the Apache user.
This should fix the issue and let up know if it helps.

[paulo.nogueira]

Hi tgriep, thanks for your reply.

Actually, and for our information I was able to understand that the problem was on how vicredentials.xml is storing the username. My readonly user as VSPHERE.LOCAL\username and the file it self was storing as VSPHERE.LOCALusername (no \)

It may be strange (at least it was strange for me) but I have overcome this simply by adding the username with quotes:
/usr/lib/vmware-vcli/apps/general/credstore_admin.pl add --server my_server --username 'VSPHERE.LOCAL\username'

Regards,

[dwhitfield]

It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!

[paulo.nogueira]

OK to lock this thread.