Page 3 of 5
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Wed Mar 26, 2014 3:23 pm
by lmiltchev
If you are sure that you restarted nrpe on the client after modifying the following line in the nrpd.cfg file:
and you are still getting the following error:
Code: Select all
Mar 26 14:16:32 nrpe[19778]: Error: Request contained command arguments!
Mar 26 14:16:32 nrpe[19778]: Client request was invalid, bailing out...
then, I would guess that you didn't enable the command arguments when you were compiling nrpe.
Please, take a look at the nrpe.cfg file:
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=1
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Wed Mar 26, 2014 3:29 pm
by hazmat
Thanks, but I cannot have a compiler on this server. I had to download a pre-compiled nrpe. Is there a command to see all the enabled options from the build? Do you know if one for RHEL that has this enabled, assuming what I have running has it disabled?
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Thu Mar 27, 2014 9:59 am
by abrist
Most of the distribution nrpe packages turn this off to avoid security warnings about their packages. Do you have a build server where we could build the bins and then transfer them over?
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Mon Apr 07, 2014 9:53 am
by hazmat
Thanks again for the help here. I took the nagios install from the server and now I can run remote commands from the command line.
$ check_nrpe -H 1.2.3.4 -c check_disk -a '-w 20% -c 10% -p /var'
DISK OK - free space: /var 5418 MB (72% inode=99%);| /var=2107MB;6348;7141;0;7935
However, when I run via the application, I get "No output returned from plugin". This is the command I have in the cfg on the nagios server:
check_command check_nrpe!check_disk!-a '-w 20% -c 10% -p /var'
Thanks.
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Mon Apr 07, 2014 11:53 am
by abrist
Can you try running the check from the cli as user 'nagios'?
Code: Select all
su nagios
check_nrpe -H 1.2.3.4 -c check_disk -a '-w 20% -c 10% -p /var'
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Mon Apr 07, 2014 12:16 pm
by hazmat
No problem.
[nagios@nagios ~]$ /usr/local/nagios/libexec/check_nrpe -H 156.119.190.118 -c check_disk -a '-w 20% -c 10% -p /var'
DISK OK - free space: /var 5400 MB (71% inode=99%);| /var=2125MB;6348;7141;0;7935
I think it might be the command definition in nrpe.cfg on the nagios server. If the cfg for the remote server is:
Code: Select all
check_command check_nrpe!check_disk!-a '-w 20% -c 10% -p /var'
then what would the command definition be for check_disk in the nrpe.cfg?
Thanks.
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Mon Apr 07, 2014 12:21 pm
by slansing
Well, the command definition as it stands, in the remote nrpe.cfg should be:
Code: Select all
/usr/local/nagios/libexec/check_disk $ARG1$
Where $ARG1$ is being passed in from the nagios command as '-w 20% -c 10% -p /var'.
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Mon Apr 07, 2014 12:48 pm
by hazmat
Thanks. That's what I thought, but I still get "No output returned from plugin" from that.
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Mon Apr 07, 2014 2:24 pm
by slansing
So sounds like there might be a bit of confusion here, the nrpe.cfg that should be looked at is the remote host's, the nagios server's nrpe.cfg definitions are not being used here.
What is the output of:
Code: Select all
cat /usr/local/nagios/etc/commands.cfg | grep check_nrpe
Also, do you recall what version of the plugins package was installed on the remote host?
Re: Could not complete SSL handshake (check_nrpe is fine)
Posted: Mon Apr 07, 2014 3:26 pm
by hazmat
Thanks. One of the two commands I was trying was already correct in the remote host's nrpe.cfg, but they both look correct now. commands.cfg is in /usr/local/nagios/etc/objects/commands.cfg, but:
Code: Select all
# grep check_nrpe objects/commands.cfg
# 'check_nrpe' command definition
command_name check_nrpe
command_line /usr/local/nagios/libexec/check_nrpe -n -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ $ARG3$ $ARG4$