Yes there are firewall restriction, can I deploy Mod-Gearman Queues and Workers? I have 2 different network private(thats why I'm having the challenge) and public if you read through the forum chain.
Thanks,
Ravi
Proxy agent for Network!!!
-
kyang
Re: Proxy agent for Network!!!
Were you able to telnet that machine?
Are the correct server IP's listed in the client's allowed_hosts in nrpe.cfg? How do you have this defined?
Mod_gearman needs port 4730 tcp/udp open as well.
You will run into issues, either way, because of the firewall.
Are the correct server IP's listed in the client's allowed_hosts in nrpe.cfg? How do you have this defined?
Mod_gearman needs port 4730 tcp/udp open as well.
You will run into issues, either way, because of the firewall.
Re: Proxy agent for Network!!!
Sorry for the late reply, this what I'm seeing
telnet 10.135.x.x 5666
Trying 10.135.x.x...
Connected to 10.135.x.x
Escape character is '^]'.
telnet 10.135.x.x 5666
Trying 10.135.x.x...
Connected to 10.135.x.x
Escape character is '^]'.
Re: Proxy agent for Network!!!
sudo nmap 10.135.136.164 5666
Starting Nmap 6.40 ( http://nmap.org ) at 2018-02-27 20:20 UTC
setup_target: failed to determine route to 5666 (0.0.22.34)
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for nj51ntvsospd (10.135.x.x)
Host is up (0.000093s latency).
Not shown: 965 filtered ports, 27 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
2049/tcp open nfs
5050/tcp open mmcc
5666/tcp open nrpe
8088/tcp open radan-http
8090/tcp open unknown
Starting Nmap 6.40 ( http://nmap.org ) at 2018-02-27 20:20 UTC
setup_target: failed to determine route to 5666 (0.0.22.34)
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for nj51ntvsospd (10.135.x.x)
Host is up (0.000093s latency).
Not shown: 965 filtered ports, 27 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
2049/tcp open nfs
5050/tcp open mmcc
5666/tcp open nrpe
8088/tcp open radan-http
8090/tcp open unknown
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Proxy agent for Network!!!
These still need answers
They will need to contain all of the IP addresses of the server running check_nrpekyang wrote: Are the correct server IP's listed in the client's allowed_hosts in nrpe.cfg? How do you have this defined?
Re: Proxy agent for Network!!!
This is on the non route able server(no able to access to internet)
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1,::1,10.135.x.x
This is the director route able server(access to internet)
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1,::1,10.x.x.x,192.168.x.x
I think you are looking for this, please advice.
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1,::1,10.135.x.x
This is the director route able server(access to internet)
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1,::1,10.x.x.x,192.168.x.x
I think you are looking for this, please advice.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Proxy agent for Network!!!
Yes, I'm sorry to make you re-explain this but I am really confused reading through the thread what machine exactly is calling
check_nrpe ?
I've read the thread, and I see mixing of terms, some say NRPE, some say have NRDP send results, other reference modGearman, another references installing NRPE and plugins on a non-routable server, and at present, I'm not even sure what machine if any, is trying to connect to another.
Also, what is the current problem? Because we can support your Nagios XI installation, we cannot offer consulting to setup a proof of concept for your manager, that is not included in your support contract.
Lets take this 1 thing at a time.
check_nrpe ?
I've read the thread, and I see mixing of terms, some say NRPE, some say have NRDP send results, other reference modGearman, another references installing NRPE and plugins on a non-routable server, and at present, I'm not even sure what machine if any, is trying to connect to another.
Also, what is the current problem? Because we can support your Nagios XI installation, we cannot offer consulting to setup a proof of concept for your manager, that is not included in your support contract.
Lets take this 1 thing at a time.
Re: Proxy agent for Network!!!
@ scottwilkerson
Whatever you see or reading was advised by Nagios Engineer(NRPE/NRDP/MOD-Gearman). Let me brief so that you know what I'm trying to achieve. Currently I'm monitoring all the servers/blade(HP C7000) with check_ping (icmp eho) on the iLO. We got Nagios XI as a VM defined on the VMWare. Pretty much I got like 1500 some IP's so far perfect. The environment that I my monitoring are Openstack and the ecosystem. I believe your are familiar with RHOSP(RHEL Openstack) environment. So we have controller and compute(nova-compute). There is Director(blade) which are accessible to internet where else the Controller/Compute do not have direct accessible to the internet. They can be reach through the Director via ssh. What I'm try to do is reaching or pinging the Controller/Compute node. The Controller/Compute have a private IP's(192.168.x.x) contrary to Director blade which has a public IP's(10.135.x.x) and IPv6. There was a drawing in the earlier chain if you want to refer with my explanation.
Please advice
Ravi
Whatever you see or reading was advised by Nagios Engineer(NRPE/NRDP/MOD-Gearman). Let me brief so that you know what I'm trying to achieve. Currently I'm monitoring all the servers/blade(HP C7000) with check_ping (icmp eho) on the iLO. We got Nagios XI as a VM defined on the VMWare. Pretty much I got like 1500 some IP's so far perfect. The environment that I my monitoring are Openstack and the ecosystem. I believe your are familiar with RHOSP(RHEL Openstack) environment. So we have controller and compute(nova-compute). There is Director(blade) which are accessible to internet where else the Controller/Compute do not have direct accessible to the internet. They can be reach through the Director via ssh. What I'm try to do is reaching or pinging the Controller/Compute node. The Controller/Compute have a private IP's(192.168.x.x) contrary to Director blade which has a public IP's(10.135.x.x) and IPv6. There was a drawing in the earlier chain if you want to refer with my explanation.
Please advice
Ravi
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Proxy agent for Network!!!
Thank you for this, so the 1 question you didn't answer is
scottwilkerson wrote:what is the current problem?
Re: Proxy agent for Network!!!
I follow what ever the engineers ask me to do and I replied with the answer, thats where you came in.
Ravi
kyang wrote:
Are the correct server IP's listed in the client's allowed_hosts in nrpe.cfg? How do you have this defined?
Thanks,Were you able to telnet that machine?
Ravi