Page 1 of 3
check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 3:27 pm
by Fenech
Since upgrading our non-production environment to version 2012R2.8 (and since to 2012R2.9 as well) our check_http -S commands have begun to fail (those that are not using the standard 443 port). We haven't altered the command or the executable between environments. I've tried copying the command from the working 2012R2.7 to the broken 2012R2.8. When we tail the logs on the server the broken command seems to not reach it at all, while the working 2012R2.7 version appears.
I've attached a copy of the verbose for the working 2012R2.7 command as well as the broken 2012R2.8 one. Do you know if this is a known bug? It appears that the -S parameter is potentially overriding the -p.
Let me know if you need any more information. Thank you for any help.
**Edit 1** I should also clarify that in 2012R2.8 + all the nonSSL checks function properly
Re: check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 4:19 pm
by Fenech
Our port override theory is wrong. I have other checks checking 443 and when I add the -p parameter with a different port it times out like it should.
Re: check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 5:03 pm
by abrist
You may need to update openssl.
Re: check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 5:12 pm
by Fenech
I just double checked. It is up to date.
Setting up Update Process
No Packages marked for Update
Re: check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 5:14 pm
by abrist
Are the plugins the same version?
Re: check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 5:21 pm
by Fenech
They are both
User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
Also. I attached text files with the verbose outputs from the 2012R2.7 working version as well as the 2012R2.9 broken version to the main post as well.
Re: check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 5:24 pm
by Fenech
They are running different versions of openssl
Working 2012R2.7
yum list installed |grep openssl
openssl.x86_64 1.0.0-27.el6_4.2
openssl-devel.x86_64 1.0.0-27.el6_4.2
Broken 2012R2.9
yum list installed |grep openssl
openssl.x86_64 1.0.1e-16.el6_5.4
openssl-devel.x86_64 1.0.1e-16.el6_5.4
Re: check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 5:33 pm
by abrist
We may need to build http against the new headers:
Code: Select all
yum install -y m4 gettext automake autoconf
cd /tmp
wget https://github.com/nagios-plugins/nagios-plugins/archive/master.zip
unzip master.zip
cd nagios-plugins-master
./tools/setup
./configure
make all
./plugins/check_http -I 10.0.0.1 -H url.com -w 5 -c 10 -S -p 9602 -v
If it works, backup the old version and copy the new version over:
Code: Select all
mv /usr/local/nagios/libexec/check_http /usr/local/nagios/libexec/check_http.old
cp plugins/check_http /usr/local/nagios/libexec/
If it does not work, or if you have compiling issues, post the relevant output here.
Re: check_http -S command since upgrade 2012R2.8
Posted: Wed Feb 19, 2014 5:52 pm
by Fenech
It did not work, however I don't get the "Error on receive" anymore
[root@nagios nagios-plugins-master]# ./plugins/check_http -I 10.0.0.1 -H url.com -w 5 -c 10 -S -p 9602 -v
CRITICAL - Cannot make SSL connection.
The non-SSL still works (FYI)
[root@nagios nagios-plugins-master]# ./plugins/check_http -I 10.0.0.1 -H url.com -w 5 -c 10 -p 9601
HTTP OK: HTTP/1.1 200 OK - 5139 bytes in 0.006 second response time |time=0.005517s;5.000000;10.000000;0.000000 size=5139B;;;0
Re: check_http -S command since upgrade 2012R2.8
Posted: Thu Feb 20, 2014 10:59 am
by abrist
Can you post the output of a verbose check?
Code: Select all
./plugins/check_http -I 10.0.0.1 -H url.com -w 5 -c 10 -p 9601 -vvv
EDIT: Additionally, have you run into a publically available site that has this problem. I have been testing this issue internally and externally and have yet to have it fail.