Unable to execute script using event_handler

[bcolinet]

Hello,
I'm encountering an issue using event_handler to run a script (the script juste start a scheduled task on a windows server, that initiates a shutdown of all virtual machines in my infrastructure using powercli). When i'm starting the script manually, everything is going fine.
i'm running nagiosxi on linux centos

i've followed the following procedure
1) i've created a (type: misc) command in nagiosxi (Configure > Core Config Manager > Commands)
2) i've created a host in nagiosxi (for SNMP monitoring of a powersupply)
3) on my linux, i've :
cd /usr/local/nagios/libexec
touch event_handler_shutdown.sh
chmod +x event_handler_shutdown.sh
vi event_handler_shutdown.sh
content of the script : sshpass -p 'MyPassword123' ssh -tt -l admin@company.local 10.0.0.1 "schtasks /Run /TN Shutdown_ALL_VM"
4) i'm submitting a passive check result
home > host detail > event_handler_shutdown > advanced > submit passive check result
5) the host simulates a down-time but nothing happens

Probably something wrong on my linux. permissions ?

but i've already modified the sudoers file with
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
nagios ALL=(ALL) ALL
NAGIOSXI ALL=(ALL) ALL

i've also checked my settings with documentation : https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Anyone any idea why this doesn't work ?

the global idea is when powerloss is detected (i've a servercheck where i can check my snmp traps) all vm's of my vcenter needs to shutdown in a specific order. When i execute my script manually from my centos linux everything is working fine. but when it's called throug the event_handler it's just doing nothing !

a simple a echo to a text file works but yeah not very usefull in my case.

thanks in advance for your help & time
Bruno

[tgriep]

Can you post the full event_handler_shutdown.sh script so we can view it?

Have you tried to run the script while logged in as the nagios user?
Run the following on the Nagios server and post the output.

Code: Select all

su nagios
/usr/local/nagios/libexec/event_handler_shutdown.sh

Enable the event handler logging in Nagios by editing this file

Code: Select all

/usr/local/nagios/etc/nagios.cfg

and change this option from

Code: Select all

log_event_handlers=0

to

Code: Select all

log_event_handlers=1

Save and restart nagios by running

Code: Select all

service nagios restart

Now simulate the host going down and check the /usr/local/nagios/var/nagios.log file if the event ran.
Post any output you find.

[bcolinet]

Thanks for your help !

here the full script "event_handler_shutdown.sh"

Code: Select all

#!/bin/bash
set -x
DATE=$(date)
echo "Power has been lost at $DATE" >> /usr/local/nagios/libexec/tmp/shutdown_log.txt
sshpass -p 'P@ssword123' ssh -tt -l administrator@domain.local 10.0.254.4 "schtasks /Run /TN Shutdown_ALL_INFRA"

I've changed the logfile with log_event_handlers=1 and restarted the nagios service.

if i execute the script with nagios user (it doesn't work)
--> The script executes partially. The logfile is written but the scheduled task is NOT running or starting on the windows server (10.0.254.4)

If i exeucte the script with root user (it works)
--> The script executes. The logfile is written and the scheduled task is running on the windows server (10.0.254.4)

I've simulate a host shutdown in NagiosXI. But still not scheduled task initiated on my windows server.

[1496842819] HOST ALERT: event_handler_test;DOWN;HARD;1;test bc
[1496842819] GLOBAL HOST EVENT HANDLER: event_handler_test;DOWN;HARD;1;xi_host_event_handler
[1496842819] HOST EVENT HANDLER: event_handler_test;DOWN;HARD;1;event_handler_initshutdown
[1496842820] wproc: HOST EVENTHANDLER job 21 from worker Core Worker 31193 is a non-check helper but exited with return code 6
[1496842820] wproc: early_timeout=0; exited_ok=1; wait_status=1536; error_code=0;
[1496842820] wproc: stderr line 01: ++ date
[1496842820] wproc: stderr line 02: + DATE='Wed Jun 7 15:40:19 CEST 2017'
[1496842820] wproc: stderr line 03: + echo 'The host has changed state at Wed Jun 7 15:40:19 CEST 2017'
[1496842820] wproc: stderr line 04: + sshpass -p 'P@ssword123*' ssh -tt -l administrator@domain.local 10.0.254.4 'schtasks /Run /TN Shutdown_ALL_INFRA'
[root@servername ~]#

The permissions of the script (event_handler_shutdown.sh) are:
-rwxrwxr-x 1 apache nagios 291 Jun 7 15:17

Thanks in advance for you help

[avandemore]

What happens when you run:

Code: Select all

# su - nagios
$ sshpass -p 'P@ssword123*' ssh -tt -l administrator@domain.local 10.0.254.4 'schtasks /Run /TN Shutdown_ALL_INFRA'

[bcolinet]

thanks for your reply
but same errors and still no run with nagios user or eventhandler
[1496911822] HOST ALERT: event_handler_test;DOWN;HARD;1;test
[1496911822] GLOBAL HOST EVENT HANDLER: event_handler_test;DOWN;HARD;1;xi_host_event_handler
[1496911822] HOST EVENT HANDLER: event_handler_test;DOWN;HARD;1;event_handler_initshutdown
[1496911823] wproc: HOST EVENTHANDLER job 14959 from worker Core Worker 31195 is a non-check helper but exited with return code 6
[1496911823] wproc: early_timeout=0; exited_ok=1; wait_status=1536; error_code=0;

[dwhitfield]

What is the output of sestatus? Also, can you post your complete sudoers? You can PM it if you prefer.

[bcolinet]

thanks for your help .

output of sestatus

Code: Select all

SELinux status:                 disabled

[bcolinet]

output of sudoers file

Code: Select all

## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
"/etc/sudoers" [readonly] 156L, 6187C

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification
#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#         You have to run "ssh -t hostname sudo <cmd>".
#
###Defaults    requiretty

#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults   !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults    always_set_home

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## Syntax:
##
##      user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
nagios  ALL=(ALL)       ALL
NAGIOSXI ALL=(ALL)      ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

User_Alias      NAGIOSXI=nagios
User_Alias              NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagios/libexec/event_handler_shutdown.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *

[tgriep]

Please post the output of these commands.

Code: Select all

su - nagios
sshpass -p 'P@ssword123*' ssh -tt -l administrator@domain.local 10.0.254.4 'schtasks /Run /TN Shutdown_ALL_INFRA'

[bcolinet]

Hello,

thanks for your help.

The command just executes fines without any error. But nothing happens on my other (windows) server.

thanks
Bruno