Issue box293 ESXI plugin and vMA Appliance

[Box293]

In my previous reply, I tried the command as nagios user. Now I tried as root

# below command did NOT prompt for credentials
[root@nagiosxi ~]# su -s /bin/sh apache
sh-4.2$

Yes, su to apache as root is required.

So now you are the apache user, execute these commands:

Does this command prompt you for credentials?

Code: Select all

ssh [email protected]

If you do login or are not prompted for credentials, type exit so end the SSH session and return to the nagios host.

Does this command prompt you for credentials, what is the output?

Code: Select all

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'

[coopstudent]

# below command did NOT prompt for credentials
[root@nagiosxi ~]# su -s /bin/sh apache

# below below command did produce output and prompt for credentials
sh-4.2$ ssh [email protected]
Could not create directory '/usr/share/httpd/.ssh'.
The authenticity of host '10.xxx.xxx.xxx (10.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is #############
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/usr/share/httpd/.ssh/known_hosts).

Welcome to SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) - Kernel \r (\l).

[email protected]'s password:

# below below command did produce output and prompt for credentials
[root@nagiosxi ~]# /usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'
[email protected]'s password:
CRITICAL - Plugin timed out after 10 seconds
[root@nagiosxi ~]#

[Box293]

OK these are good results, it points to the problem.

# below below command did produce output and prompt for credentials
sh-4.2$ ssh [email protected]
Could not create directory '/usr/share/httpd/.ssh'.
The authenticity of host '10.xxx.xxx.xxx (10.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is #############
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/usr/share/httpd/.ssh/known_hosts).

Welcome to SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) - Kernel \r (\l).

[email protected]'s password:

Let me explain.

Earlier I got you to test the "nagios" user ssh [email protected] and it all worked without asking for credentials. This means that all the key ssh files are correctly setup. Then what we do is take a copy of these and put them in the same location for the apache user. Because the apache user is being prompted, something has gone wrong in the steps so let's delete the files and copy them again.

As root:

Code: Select all

rm -rf /var/www/.ssh
mkdir /var/www/.ssh
cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
setfacl -R -m u:apache:r-x /var/www/.ssh/ 

Once you've done that, try as apache again:

Code: Select all

su -s /bin/sh apache

ssh [email protected]

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'

[seanc1983]

Hi there,

I've just built a new nagios XI environment and I'm having a very similar issue.

After completing the vMA and box293 config as per the manual, I get the attached error.

From the console, tried running the rm and cp commands again, no such luck yet:

Code: Select all

[root@XXX-XXX /]# rm -rf /var/www/.ssh
[root@XXX-XXX /]# mkdir /var/www/.ssh
[root@XXX-XXX /]# cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
[root@XXX-XXX /]# cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
[root@XXX-XXX /]# setfacl -R -m u:apache:r-x /var/www/.ssh/
[root@XXX-XXX /]# su -s /bin/sh apache
sh-4.2$ ssh [email protected]
Could not create directory '/usr/share/httpd/.ssh'.
The authenticity of host 'X.X.X.X (X.X.X.X)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/usr/share/httpd/.ssh/known_hosts).
Welcome to vSphere Management Assistant
[email protected]'s password:

As the nagios user it works just fine:

Code: Select all

sh-4.2$ exit
exit
[root@XXX-XXX /]# su nagios
[nagios@SRV-NAGMON /]$ ssh [email protected]
Welcome to vSphere Management Assistant
Last login: Tue Aug 30 05:51:26 2016 from X.X.X.X
vi-admin@XXX:~>

SSH V1.5:

check_by_ssh v1.5 (nagios-plugins 1.5)

Thoughts ? Any guidance is much appreciated..

[ssax]

If it's working with the nagios user have you tried applying configuration to and see if when the check runs normally it works?

Other than trying that, it's saying that the apache user doesn't have rights to create/write /usr/share/httpd/.ssh and/or /usr/share/httpd/.ssh/known_hosts.

[Box293]

The settings manager component is assuming the "home" directory for the apache user is /var/www/ whereas is appears as though it's /usr/share/httpd/.

Try this:

Code: Select all

rm -rf /usr/share/httpd/.ssh
mkdir /usr/share/httpd/.ssh
cp /home/nagios/.ssh/known_hosts /usr/share/httpd/.ssh/
cp /home/nagios/.ssh/id_dsa /usr/share/httpd/.ssh/
setfacl -R -m u:apache:r-x /usr/share/httpd/.ssh/

[seanc1983]

@Box293:

That worked immediately.

Thank you for that, much appreciated, now i can continue through the vmware setup now.

[tmcdonald]

Glad it's working now! Are we okay to close this thread?