Page 2 of 2
Re: Issue box293 ESXI plugin and vMA Appliance
Posted: Tue Feb 09, 2016 6:07 pm
by Box293
coopstudent wrote:In my previous reply, I tried the command as nagios user. Now I tried as root
# below command did NOT prompt for credentials
[root@nagiosxi ~]# su -s /bin/sh apache
sh-4.2$
Yes, su to apache as root is required.
So now you are the apache user, execute these commands:
Does this command prompt you for credentials?
If you do login or are not prompted for credentials, type exit so end the SSH session and return to the nagios host.
Does this command prompt you for credentials, what is the output?
Code: Select all
/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'
Re: Issue box293 ESXI plugin and vMA Appliance
Posted: Wed Feb 10, 2016 11:40 am
by coopstudent
# below command did NOT prompt for credentials
[root@nagiosxi ~]# su -s /bin/sh apache
# below below command did produce output and prompt for credentials
sh-4.2$ ssh
[email protected]
Could not create directory '/usr/share/httpd/.ssh'.
The authenticity of host '10.xxx.xxx.xxx (10.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is #############
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/usr/share/httpd/.ssh/known_hosts).
Welcome to SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) - Kernel \r (\l).
[email protected]'s password:
# below below command did produce output and prompt for credentials
[root@nagiosxi ~]# /usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'
[email protected]'s password:
CRITICAL - Plugin timed out after 10 seconds
[root@nagiosxi ~]#
Re: Issue box293 ESXI plugin and vMA Appliance
Posted: Wed Feb 10, 2016 5:14 pm
by Box293
OK these are good results, it points to the problem.
coopstudent wrote:# below below command did produce output and prompt for credentials
sh-4.2$ ssh
[email protected]
Could not create directory '/usr/share/httpd/.ssh'.
The authenticity of host '10.xxx.xxx.xxx (10.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is #############
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/usr/share/httpd/.ssh/known_hosts).
Welcome to SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) - Kernel \r (\l).
[email protected]'s password:
Let me explain.
Earlier I got you to test the "nagios" user ssh
[email protected] and it all worked without asking for credentials. This means that all the key ssh files are correctly setup. Then what we do is take a copy of these and put them in the same location for the apache user. Because the apache user is being prompted, something has gone wrong in the steps so let's delete the files and copy them again.
As root:
Code: Select all
rm -rf /var/www/.ssh
mkdir /var/www/.ssh
cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
setfacl -R -m u:apache:r-x /var/www/.ssh/
Once you've done that, try as apache again:
Code: Select all
su -s /bin/sh apache
ssh [email protected]
/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'
Re: Issue box293 ESXI plugin and vMA Appliance
Posted: Tue Aug 30, 2016 1:15 am
by seanc1983
Hi there,
I've just built a new nagios XI environment and I'm having a very similar issue.
After completing the vMA and box293 config as per the manual, I get the attached error.
From the console, tried running the rm and cp commands again, no such luck yet:
Code: Select all
[root@XXX-XXX /]# rm -rf /var/www/.ssh
[root@XXX-XXX /]# mkdir /var/www/.ssh
[root@XXX-XXX /]# cp /home/nagios/.ssh/known_hosts /var/www/.ssh/
[root@XXX-XXX /]# cp /home/nagios/.ssh/id_dsa /var/www/.ssh/
[root@XXX-XXX /]# setfacl -R -m u:apache:r-x /var/www/.ssh/
[root@XXX-XXX /]# su -s /bin/sh apache
sh-4.2$ ssh [email protected]
Could not create directory '/usr/share/httpd/.ssh'.
The authenticity of host 'X.X.X.X (X.X.X.X)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/usr/share/httpd/.ssh/known_hosts).
Welcome to vSphere Management Assistant
[email protected]'s password:
As the nagios user it works just fine:
Code: Select all
sh-4.2$ exit
exit
[root@XXX-XXX /]# su nagios
[nagios@SRV-NAGMON /]$ ssh [email protected]
Welcome to vSphere Management Assistant
Last login: Tue Aug 30 05:51:26 2016 from X.X.X.X
vi-admin@XXX:~>
SSH V1.5:
check_by_ssh v1.5 (nagios-plugins 1.5)
Thoughts ? Any guidance is much appreciated..
Re: Issue box293 ESXI plugin and vMA Appliance
Posted: Tue Aug 30, 2016 1:27 pm
by ssax
If it's working with the nagios user have you tried applying configuration to and see if when the check runs normally it works?
Other than trying that, it's saying that the apache user doesn't have rights to create/write /usr/share/httpd/.ssh and/or /usr/share/httpd/.ssh/known_hosts.
Re: Issue box293 ESXI plugin and vMA Appliance
Posted: Tue Aug 30, 2016 4:33 pm
by Box293
The settings manager component is assuming the "home" directory for the apache user is
/var/www/ whereas is appears as though it's
/usr/share/httpd/.
Try this:
Code: Select all
rm -rf /usr/share/httpd/.ssh
mkdir /usr/share/httpd/.ssh
cp /home/nagios/.ssh/known_hosts /usr/share/httpd/.ssh/
cp /home/nagios/.ssh/id_dsa /usr/share/httpd/.ssh/
setfacl -R -m u:apache:r-x /usr/share/httpd/.ssh/
Re: Issue box293 ESXI plugin and vMA Appliance
Posted: Wed Aug 31, 2016 5:54 pm
by seanc1983
@Box293:
That worked immediately.
Thank you for that, much appreciated, now i can continue through the vmware setup now.
Re: Issue box293 ESXI plugin and vMA Appliance
Posted: Thu Sep 01, 2016 9:26 am
by tmcdonald
Glad it's working now! Are we okay to close this thread?