Users unable to see hosts, no CGs visible in server wizard

[jalfaro]

XI add host as nagiosadmin.png

I decided to try removing the host and re-adding it as the nagiosadmin user and it appears that the contact groups / individuals don't show up here either when logged in as 'nagiosadmin'

[dwhitfield]

How exactly, specifically, are you setting this up? If you don't feel like you are giving too much information, you are probably not giving enough. I want you to go through the entire process, from LDAP import to Apply Config. We've found some additional oddities in your profile, that we really need specifics to try to duplicate.

Also, this probably doesn't matter, but what type of LDAP are you using? Again, please be specific with version #s and such.

Please provide the output of the following commands in individual code blocks. Please put the output in a code block. The "Code" button is the fifth from the left on the post input screen (between Quote and List).

Code: Select all

ll /usr/local/nagios/var/objects.cache
ll /usr/local/nagios/etc

[jalfaro]

I started with 2 completely new and cleanly installed CentOS 7.3.1611 servers. I downloaded and ran the Nagios XI latest installer, then the mod gearman installer both following the PDF installation guides. I then followed the guide for setting up SSL. I followed the 'Authenticating-and-Importing-Users-with-Active-Directory-in-Nagios-XI' guide for the AD/LDAP import:

Login to Nagios XI with the nagiosadmin account.
Select Admin > Manage Users > Add users from LDAP/AD.
Authenticate with the AD Service Account.
Select the users to be imported, then click 'Add Selected Users'.
- Users are located in Accounts > Provisioned > LOCALE > US Citizens
Toggle ALL to select all users, then edit their preferences:
- Change the Date Format to: MM/DD/YYYY HH:MM:SS
Next edit their Security Settings:
Default for regular users should be to check:
- Can (re)configure hosts and services
- Can control all hosts and services
- Can access advanced features
Finally click 'Import'

That brought in the 3 users seen in the screenshot. We're connecting to an AD domain controller - here are the connection settings I entered into XI:

Application Config:
Connection Method: Active Directory
Base DN: DC=hq,DC=corp,DC=viasat,DC=com
Account Suffix: @hq.corp.viasat.com
Domain Controllers: domain controller FQDN removed
Security: SSL

It's a Windows Server domain controller - if you need exact version numbers I can get them from my Windows team.

Code: Select all

[pdevin@wdc1xit01 ~]$ ll /usr/local/nagios/var/objects.cache
-rw-r--r-- 1 nagios nagios 33429 Aug 16 14:44 /usr/local/nagios/var/objects.cache
[pdevin@wdc1xit01 ~]$ ll /usr/local/nagios/etc
total 192
-rw-rw-r-- 1 apache nagios   886 Sep  1 16:51 cgi.cfg
-rw-rw-r-- 1 apache nagios 25913 Sep  6 18:09 commands.cfg
-rw-rw-r-- 1 apache nagios  1316 Sep  6 18:09 contactgroups.cfg
-rw-rw-r-- 1 apache nagios  2951 Sep  6 18:09 contacts.cfg
-rw-rw-r-- 1 apache nagios  1675 Sep  6 18:09 contacttemplates.cfg
-rw-rw-r-- 1 apache nagios   817 Sep  6 18:09 hostdependencies.cfg
-rw-rw-r-- 1 apache nagios   819 Sep  6 18:09 hostescalations.cfg
-rw-rw-r-- 1 apache nagios   837 Sep  6 18:09 hostextinfo.cfg
-rw-rw-r-- 1 apache nagios  1256 Sep  6 18:09 hostgroups.cfg
drwsrwsr-x 2 apache nagios  4096 Sep  6 18:09 hosts
-rw-rw-r-- 1 apache nagios 16082 Sep  6 18:09 hosttemplates.cfg
drwsrwsr-x 2 apache nagios  4096 Sep  6 18:09 import
-rwxrwxr-x 1 apache nagios  5778 Aug 14 15:46 nagios.cfg
-rw-rw-r-- 1 apache nagios  2229 Aug 14 15:40 ndo2db.cfg
-rw-rw-r-- 1 apache nagios  4827 Aug 14 15:40 ndomod.cfg
-rw-rw-r-- 1 apache nagios  7988 Aug 14 15:40 nrpe.cfg
-rw-rw-r-- 1 apache nagios  5345 Aug 14 15:40 nsca.cfg
drwxrwsr-x 4 apache nagios  4096 Aug 15 17:08 pnp
-rwxrwxr-x 1 apache nagios   210 Aug 14 15:37 resource.cfg
-rw-rw-r-- 1 apache nagios  1627 Aug 14 15:40 send_nsca.cfg
-rw-rw-r-- 1 apache nagios   823 Sep  6 18:09 servicedependencies.cfg
-rw-rw-r-- 1 apache nagios   825 Sep  6 18:09 serviceescalations.cfg
-rw-rw-r-- 1 apache nagios   843 Sep  6 18:09 serviceextinfo.cfg
-rw-rw-r-- 1 apache nagios   813 Sep  6 18:09 servicegroups.cfg
drwsrwsr-x 2 apache nagios  4096 Sep  6 18:09 services
-rw-rw-r-- 1 apache nagios 24852 Sep  6 18:09 servicetemplates.cfg
drwsrwsr-x 2 apache nagios  4096 Aug 15 17:08 static
-rw-rw-r-- 1 apache nagios  4943 Sep  6 18:09 timeperiods.cfg
[pdevin@wdc1xit01 ~]$ 

After importing the users, I created a contact group and a host group both called 'GlobalSolutions'. I added the user account 'jalfaro' to the GlobalSolutions contact group, and when I did not see the GS host group during the host add process I logged into the 'nagiosadmin' account and added the newly defined host to the 'GlobalSolutions' host group thinking that should make it visible to the 'jalfaro' user, however when I logged in as 'jalfaro' again I could not see the new host as I expected.

I'm curious about the 'oddities' - can you expand on that? These are completely new servers that had only an operating system on top of which I ran through the installer documentation so I'm not sure what sort of oddities you would be seeing or what might have caused them. Thanks very much for trying to help!

[dwhitfield]

Please try the following and see if your issue remains:

Code: Select all

service nagios stop
rm /usr/local/nagios/var/objects.cache
service nagios start

The permissions are correct, but your objects.cache is not getting updated. Unless you've got some sort of hardening other than what I've already asked about, then I'm not sure what would cause it. I/O issues might, but on a new box with so few hosts/services that would be really bizarre. Do you have any hardening set up at the disk level? The objects.cache and the configs are in different directories. Sometimes people put /usr/local/ in it's own box, but if there were more granular controls than that, it could happen.

Also, what's the output of the umask for both root and the nagios user?

[jalfaro]

That did it! I can see the host now with the 'jalfaro' user, thanks!

FWIW - the umask for both nagios and root is 0022

[dwhitfield]

Normally, nagios would be umask of 0002, but I can't really see that being an issue.

Just to make sure everything is as it should be, what is the output of the following:

Code: Select all

ll -d /usr/local/nagios/var/
grep nag /etc/passwd
grep nag /etc/group

[jalfaro]

Normally, nagios would be umask of 0002, but I can't really see that being an issue.

Just to make sure everything is as it should be, what is the output of the following:

Code: Select all

ll -d /usr/local/nagios/var/
grep nag /etc/passwd
grep nag /etc/group

Code: Select all

[root@wdc1xit01 pdevin]# ll -d /usr/local/nagios/var/
drwxrwxr-x 6 nagios nagios 4096 Sep  7 12:39 /usr/local/nagios/var/
[root@wdc1xit01 pdevin]# grep nag /etc/passwd
systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
nagios:x:996:994::/var/spool/nagios:/sbin/nologin
[root@wdc1xit01 pdevin]# grep nag /etc/group
nagios:x:994:nagios,apache
nagcmd:x:1000:nagios,apache
[root@wdc1xit01 pdevin]# 

[dwhitfield]

nagios *will* need a login.

I think probably the home should be as the below too, but I am not sure if that is used in default configurations or just in additional components.

Code: Select all

/home/nagios:/bin/bash

[jalfaro]

Okay - I guess I just manually do that with usermod? Should it not have been created during install or did I just miss a step somewhere?

Also - I just removed the host and services I had added, but they still showed up on my screen until I stopped the nagios service, deleted that objects cache file again, and restarted nagios. I don't think I'm supposed to have to do this every time there's a change - is this because of the nagios nologin thing?

EDIT: I added /bin/bash as the login shell for nagios, but I'm still having to delete that objects cache after every change to get the pages to update.

[root@wdc1xit01 nagios]# grep nagios /etc/passwd
nagios996:994::/var/spool/nagios:/bin/bash
[root@wdc1xit01 nagios]#

[dwhitfield]

We may need to end up moving this to a ticket. If you want to do that, please email [email protected] and reference this ticket.

For now though, let's get the output of the following commands:

Code: Select all

grep apache /etc/passwd
which bash