Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

New NagiosXI server apply configuration taking hours

https://support.nagios.com/forum/viewtopic.php?t=42922

Page 2 of 6

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 3:35 pm
by dwhitfield
Additionally, please post your /etc/cron.d/nagios

Please run the following commands

Code: Select all

touch /usr/local/nagiosxi/var/cmdsubsys.log
chown nagios:nagios /usr/local/nagiosxi/var/cmdsubsys.log
Please let us know if that does not resolve the issue.

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 3:58 pm
by akepley

Code: Select all

[email protected] var# ls -rlt /etc/cron.d/
total 20
-rw------- 1 root root  235 Mar  8  2016 sysstat
-rw------- 1 root root  108 Jun 21  2016 raid-check
-rw-r--r-- 1 root root  113 Jul 22  2016 0hourly
-rw-r--r-- 1 root root  141 Mar  6 09:43 mrtg
-rw-r--r-- 1 root root 1632 Mar  6 09:46 nagiosxi

Code: Select all

[email protected] var# cat /etc/cron.d/nagiosxi
# /etc/cron.d/nagiosxi: crontab fragment for nagiosxi

# Backup MySQL & PostgreSQL Databases
0   7 * * * root   /root/scripts/automysqlbackup
0   7 * * * root   /root/scripts/autopostgresqlbackup > /dev/null 2>&1

*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/sysstat.php > /usr/local/nagiosxi/var/sysstat.log 2>&1
*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/cmdsubsys.php > /usr/local/nagiosxi/var/cmdsubsys.log 2>&1
*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/eventman.php > /usr/local/nagiosxi/var/eventman.log 2>&1
*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/event_handler.php > /usr/local/nagiosxi/var/event_handler.log 2>&1
*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/feedproc.php > /usr/local/nagiosxi/var/feedproc.log 2>&1
*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/perfdataproc.php > /usr/local/nagiosxi/var/perfdataproc.log 2>&1
*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/nom.php > /usr/local/nagiosxi/var/nom.log 2>&1
*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/reportengine.php > /usr/local/nagiosxi/var/reportengine.log 2>&1
*/5 * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/dbmaint.php > /usr/local/nagiosxi/var/dbmaint.log 2>&1
*   * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/cleaner.php > /usr/local/nagiosxi/var/cleaner.log 2>&1
01  * * * * nagios /usr/local/nagiosxi/cron/recurringdowntime.pl > /usr/local/nagiosxi/var/recurringdowntime.log 2>&1
*/5 * * * * nagios /usr/bin/php -q /usr/local/nagiosxi/cron/deadpool.php > /usr/local/nagiosxi/var/deadpool.log 2>&1

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 4:00 pm
by akepley
created the log file, system is not using it.

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 4:19 pm
by dwhitfield
Did you also set the ownership I suggested?

We got the profile, but I at least did not get the sudoers. Please send it, or report back if you already sent to @avandemore

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 4:33 pm
by akepley
I sent it to @avandemore before I saw your response.

Yes, I followed your directions

Code: Select all

[email protected] var# ls -rlt
total 28
-rw-r--r-- 1 nagios nagios  196 Mar  6 09:43 xiversion
drwxr-xr-x 2 nagios nagios 4096 Mar  6 09:43 upgrades
-rw-r--r-- 1 nagios nagios  950 Mar  6 09:43 xi-sys.cfg
-rw-r--r-- 1 nagios nagios   37 Mar  6 09:46 xi-uuid
-rw-r--r-- 1 nagios nagios    7 Mar  6 09:46 xi-itype
drwsrwsr-x 2 apache nagios 4096 Mar 20 16:41 components
-rw------- 1 nagios nagios    0 Mar 20 16:52 cmdsubsys.log
drwxr-xr-x 2 nagios nagios 4096 Mar 20 16:54 subsys

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 4:34 pm
by avandemore
Your sudoers is broken, I have attached the default working one.

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 4:38 pm
by akepley
Thats odd. Any idea how that could be since I went with the kb article?

Code: Select all

  
  944  tar xzvf xi-5.4.2.tar.gz nagiosxi/nagiosxi/nagiosxi.sudoers --strip-components 2
  945  ls -rlt
  946  grep -v NAGIOSXI /etc/sudoers > /etc/sudoers.new
  947  cat /etc/sudoers.new
  948  mv -f /etc/sudoers.new /etc/sudoers
  949  sed -i 's/^Defaults    requiretty/#Defaults    requiretty/g' /etc/sudoers
  950  cat /tmp/nagiosxi.sudoers >> /etc/sudoers
  951  chmod 440 /etc/sudoers
  952  rm -f /usr/local/nagiosxi/scripts/reconfigure_nagios.lock

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 4:41 pm
by akepley
doing a diff I'm only seeing two extra blank lines in my current sudoers

Code: Select all

[email protected] ~# diff sudoers /etc/sudoers
163a164,165
>
>

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 4:58 pm
by avandemore
Hm, I'm not sure, here's my diff:

Code: Select all

$ diff -u sudoers.txt default-sudoers.txt
--- sudoers.txt 2017-03-20 16:26:01.434862200 -0500
+++ default-sudoers.txt 2017-03-20 16:32:52.000458900 -0500
@@ -4,18 +4,18 @@
 ## Examples are provided at the bottom of the file for collections
 ## of related commands, which can then be delegated out to particular
 ## users or groups.
-##
+##
 ## This file must be edited with the 'visudo' command.

 ## Host Aliases
-## Groups of machines. You may prefer to use hostnames (perhaps using
+## Groups of machines. You may prefer to use hostnames (perhaps using
 ## wildcards for entire domains) or IP addresses instead.
 # Host_Alias     FILESERVERS = fs1, fs2
 # Host_Alias     MAILSERVERS = smtp, smtp2

 ## User Aliases
 ## These aren't often necessary, as you can use regular groups
-## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
 ## rather than USERALIAS
 # User_Alias ADMINS = jsmith, mikem

@@ -39,7 +39,7 @@
 # Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

 ## Delegating permissions
-# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
+# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

 ## Processes
 # Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
@@ -50,14 +50,7 @@
 # Defaults specification

 #
-# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
-#         You have to run "ssh -t hostname sudo <cmd>".
-#
-Defaults    requiretty
-
-#
-# Refuse to run if unable to disable echo on the tty. This setting should also be
-# changed in order to be able to use sudo without a tty. See requiretty above.
+# Refuse to run if unable to disable echo on the tty.
 #
 Defaults   !visiblepw

@@ -85,29 +78,29 @@

 Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

-## Next comes the main part: which users can run what software on
+## Next comes the main part: which users can run what software on
 ## which machines (the sudoers file can be shared between multiple
 ## systems).
 ## Syntax:
 ##
-##     user    MACHINE=COMMANDS
+##      user    MACHINE=COMMANDS
 ##
 ## The COMMANDS section may have other options added to it.
 ##
-## Allow root to run any commands anywhere
-root   ALL=(ALL)       ALL
+## Allow root to run any commands anywhere
+root    ALL=(ALL)       ALL

-## Allows members of the 'sys' group to run networking, software,
+## Allows members of the 'sys' group to run networking, software,
 ## service management apps and more.
 # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

 ## Allows people in group wheel to run all commands
-%wheel ALL=(ALL)       ALL
+# %wheel        ALL=(ALL)       ALL

 ## Same thing without a password
-# %wheel       ALL=(ALL)       NOPASSWD: ALL
+# %wheel        ALL=(ALL)       NOPASSWD: ALL

-## Allows members of the users group to mount and unmount the
+## Allows members of the users group to mount and unmount the
 ## cdrom as root
 # %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

@@ -116,20 +109,10 @@

 ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
 #includedir /etc/sudoers.d
-cloud-user     ALL=(ALL)       NOPASSWD: ALL
-ec2-user       ALL=(ALL)       NOPASSWD: ALL

-# NEEDED TO ALLOW NAGIOS TO CHECK SERVICE STATUS
-Defaults:nagios !requiretty
-nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_init_service
-
-# ASTERISK-SPECIFIC CHECKS
-# NOTE: You can uncomment the following line if you are monitoring Asterisk locally
-#nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_asterisk_sip_peers.sh, /usr/local/nagios/libexec/nagisk.pl, /usr/sbin/asterisk

-Defaults:apache !requiretty
 User_Alias      NAGIOSXI=nagios
-User_Alias             NAGIOSXIWEB=apache
+User_Alias              NAGIOSXIWEB=apache
 NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
 NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
 NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
@@ -161,5 +144,3 @@
 NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
 NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
 NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *

Re: New NagiosXI server apply configuration taking hours

Posted: Mon Mar 20, 2017 5:07 pm
by akepley
Nevermind, your version is definitely different, because it killed my access to sudo either from my user or from AWS ec2-user. I'll have to mount the volume somewhere else to fix to get back in.I"ll get back to you tomorrow.
All times are UTC-05:00
Page 2 of 6

Powered by phpBB® Forum Software © phpBB Limited