Solaris 10 agent SSL failure

[gpburdell93]

We've got a newly installed NRPE agent on a Solaris 10

Here's the active lines from /etc/nagios/nrpe.cfg

Code: Select all

log_facility=daemon
pid_file=/var/run/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=$NAGIOS_SERVER_IP
dont_blame_nrpe=1
debug=0
command_timeout=60
connection_timeout=300
include=/etc/nagios/nrpe/common.cfg

And the Solaris 10 server is

Code: Select all

# uname -a
SunOS $HOSTNAME 5.10 Generic_148888-02 sun4v sparc SUNW,Sun-Fire-T200

Despite not finding any mention here, is there a known issue with Solaris 10 or Sun-Fire T2000s & the NRPE agent?

Alternately, since it appears that SSL connections will not be viable. Is there any way to switch all the Services from encrypted to non-ecrypted? I can see a switch to set when running the Monitoring Wizard, but after everything's created, I see no easy way to convert.

[abrist]

In order to build nrpe with ssl on solaris, you will need the openssl headers before you compile nrpe/plugins. You can specify "-n" in the check to ignore encryption. Copy the command in XI and add "-n" to the command line. Use the copied/renamed command for your solaris checks.

[gpburdell93]

In order to build nrpe with ssl on solaris, you will need the openssl headers before you compile nrpe/plugins. You can specify "-n" in the check to ignore encryption. Copy the command in XI and add "-n" to the command line. Use the copied/renamed command for your solaris checks.

Thanks for the command-copy advice. I've done that, enabling monitoring to work.

I'd still like to know why SSL doesn't function in this Solaris agent.

[gpburdell93]

For anyone else coming across this, let me note that I also changed the SMF startup script for nrpe to use the '-n' command-line option on the Solaris host.

Oddly, unlike the Linux monitoring wizard, the Solaris monitoring wizard does not have a switch to select unencrypted monitoring.

[slansing]

Good note, I'd also mention, feel free to post this in the development section of the forums so that the NRPE development lead can take a look.

[nagiostool]

Hi,

Can you let me know how to change the option in SMF ?

[nagiostool]

I have run the script as ./fullinstall -n and after installation i have checked nrpe but i got the below error.

/opt/nagios/libexec/check_nrpe -H localhost
CHECK_NRPE: Error - Could not complete SSL handshake.

[sreinhardt]

-n needs to be specified when starting the remote daemon and in the nagios command\service definitions. They are not actually build flags, but flags to instruct the compiled binaries to ignore ssl.

[nagiostool]

i have tried to start the demon on remote host as below.

/opt/nagios/bin/nrpe -n -c /home/nagios/etc/nrpe.cfg -i

But i'm getting same SSL handshake error.

Solaris version is as below.

SunOS dixie1 5.10 Generic_147441-07 i86pc i386 i86pc

[slansing]

After starting with no ssl, did you also run the command from the nagios server with the '-n' flag? How did you define it?