Hi
We are trying to do docker montioring. Nagios is throwing up 'UNKNOWN: cURL call failed'.
Previosuly was using version 1.1.0, changed to latest version 1.1.1 check_docker.py. Still we are seeing this error. Please do the needful
UNKNOWN: cURL call failed
UNKNOWN: cURL call failed
You do not have the required permissions to view the files attached to this post.
Re: UNKNOWN: cURL call failed
Did you configure it at first with the Docker Wizard?
You could also use the -v flag to gather more verbose output. This might just give us the information we need to diagnose the issue.
Is there anything like a proxy or firewall on your network that could be interfering with the connection? What is the output to the following command?
You could also use the -v flag to gather more verbose output. This might just give us the information we need to diagnose the issue.
Is there anything like a proxy or firewall on your network that could be interfering with the connection? What is the output to the following command?
Code: Select all
nmap <client ip>
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: UNKNOWN: cURL call failed
No it was done with the Docker wizard. We are using ssh to access the docker host.
Attached the nmap snapshot. No firewall issues we have the same ports for other nagios instances where we are montioring docker and it is working fine.
Verbose output:
[nagios@xxxxxxxx libexec]$ ./check_docker.py -H xxxxxx --check-type 'containers_cpu' -C 'checkout' -v -t 10 -w 75 - c 80
UNKNOWN: cURL call failed Stderr: % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Attached the nmap snapshot. No firewall issues we have the same ports for other nagios instances where we are montioring docker and it is working fine.
Verbose output:
[nagios@xxxxxxxx libexec]$ ./check_docker.py -H xxxxxx --check-type 'containers_cpu' -C 'checkout' -v -t 10 -w 75 - c 80
UNKNOWN: cURL call failed Stderr: % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
You do not have the required permissions to view the files attached to this post.
Re: UNKNOWN: cURL call failed
Is that certificate self signed or expired? That could be some other causes of this. You should be able to view the certificate with the following command.
You could also use the --secure-connection option on the plugin if you think the default socket could be wrong.
Code: Select all
openssl s_client -showcerts -connect hostname.domain.tld:443...or use --insecure-registries to see if it works without SSL at all.--secure-connection [<ip/host address>:<port>]
Where to find TLS protected docker daemon socket.
--insecure-registries INSECURE_REGISTRIES [INSECURE_REGISTRIES ...]
List of registries to connect to with http(no TLS).
Useful when using "--version" with images from
insecure registries.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: UNKNOWN: cURL call failed
--insecure-registries INSECURE_REGISTRIES [INSECURE_REGISTRIES ...]
List of registries to connect to with http(no TLS).
Useful when using "--version" with images from
insecure registries.
Where to add this " --insecure-registries" -- check_docker.py doesn't have the option to add this argument
[nagios@XXXXXXX ~]$ /usr/local/nagios/libexec/check_docker.py -H xxxxxxxx / --check-type 'containers_cpu' -C 'store-order-svc' -t 0 -w '75' -c '80' --insecure-registries
Usage: check_docker.py [options]
check_docker.py: error: no such option: --insecure-registries
check_docker.py: error: no such option: --secure-connection
it has self signed certificate. Below is the output for the showcerts command
List of registries to connect to with http(no TLS).
Useful when using "--version" with images from
insecure registries.
Where to add this " --insecure-registries" -- check_docker.py doesn't have the option to add this argument
[nagios@XXXXXXX ~]$ /usr/local/nagios/libexec/check_docker.py -H xxxxxxxx / --check-type 'containers_cpu' -C 'store-order-svc' -t 0 -w '75' -c '80' --insecure-registries
Usage: check_docker.py [options]
check_docker.py: error: no such option: --insecure-registries
check_docker.py: error: no such option: --secure-connection
it has self signed certificate. Below is the output for the showcerts command
You do not have the required permissions to view the files attached to this post.
Re: UNKNOWN: cURL call failed
You will need to get that system to trust the certificates your local certificate authority uses or use one of the following settings on checkdocker.py.
...or use the -k option.
The exact steps to trust that certificate authority will depend on what operating system that is running.
Code: Select all
--cert=CERT The full path to the TLS v1.0 cert to access your
secure docker port (remote connection only).
--key=KEY The full path to the TLS v1.0 key to access your
secure docker port (remote connection only).
--cacert=CACERT The full path to the TLS v1.0 cacert to access your
secure docker port (remote connection only).The exact steps to trust that certificate authority will depend on what operating system that is running.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: UNKNOWN: cURL call failed
Locking thread, ticket received, we will continue support through the ticket.
Thank you!
Thank you!