Page 1 of 2
Installing NRPE agent on a DMZ server
Posted: Mon Jun 09, 2014 3:26 am
by MSPk
Hi Team,
We are trying to install NRPE agent on a Linux server in DMZ environment. When we tried to install the agent on these servers, we got an error message
Installing prerequisites...
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
There was an error communicating with RHN.
RHN Satellite or RHN Classic support will be disabled.
Connection refused
Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again
Could not retrieve mirrorlist
http://mirrors.fedoraproject.org/mirror ... rch=x86_64 error was
[Errno 12] Timeout: <urlopen error timed out>
Our Unix admin has updated that these servers are not using any proxy to connect to the internet and will not be allowed(exeception will not be provided)to connect to the internet and YUM is failing to get the required patches.
Please suggest if have any other work around for the same in the absence of internet connectivity.
Re: Installing NRPE agent on a DMZ server
Posted: Mon Jun 09, 2014 4:46 am
by rajesh.mehra
Re: Installing NRPE agent on a DMZ server
Posted: Mon Jun 09, 2014 9:22 am
by slansing
Yep, as rajesh mentioned, you can compile from the source so you skip the automation of pulling dependencies in. You may find however, when running certain plugins, that you will want some of those dependencies.
Re: Installing NRPE agent on a DMZ server
Posted: Tue Jun 10, 2014 6:33 am
by MSPk
Hi,
I have tried to download the files in the above links and compile it on one of our DMZ servers but it failed with some error message (No Acceptable C compiler in $Path).
as a workaround, we have installed a NRPE agent on a linux server in non-prod environment and move the NRPE and Nagios plugins(in fact the entire nagios folder in /usr/local) onto the DMZ server and then created a nrpe service (in xinetd). we are now able to monitor the local parameters using nrpe on DMZ server. I wanted to know if it acceptable/safe to monitor the server in DMZ this way.
Re: Installing NRPE agent on a DMZ server
Posted: Tue Jun 10, 2014 7:40 am
by rajesh.mehra
I think no issue if you did not compile and used precompiled binary.
You can install following rpm packages to avoid "(No Acceptable C compiler in $Path) "
gcc
glibc
glibc-common
gd gd-devel
Re: Installing NRPE agent on a DMZ server
Posted: Tue Jun 10, 2014 8:39 am
by MSPk
Hi Rajesh,
Thank for your response.
My Unix Admin is relutant to install any addtional packages on these servers and we would prefer moving the pre-compiled binaries if that is an acceptable way of configuring the NRPE.
Re: Installing NRPE agent on a DMZ server
Posted: Tue Jun 10, 2014 4:42 pm
by sreinhardt
MSPK, this should be just fine, provided they are the same OS and architecture. I would actually fully agree with your unix admin that having build utilities on production and dmz servers is not a good idea. You should be totally fine moving the binaries, just make sure you have things like openssl and any other non-build packages installed.
Re: Installing NRPE agent on a DMZ server
Posted: Tue Jun 10, 2014 4:45 pm
by tmcdonald
Also of course make sure the ownership and permissions are correct.
Re: Installing NRPE agent on a DMZ server
Posted: Wed Jun 11, 2014 9:30 am
by MSPk
Hi,
We have come across the same issue again but this time it is on Ubuntu. I have tried to get the nagios agent through the repository but it failed with the below error.
Code: Select all
root@localhost:~# add-apt-repository ppa:nagiosinc/ppa
Error reading https://launchpad.net/api/1.0/~nagiosinc/+archive/ppa: <urlopen error [Errno 111] Connection refused>
I have downloaed the package as specified in the installation document and tried to ruun it using dpkg as gdebi is not available on our server, we ended up with the below error message.
Code: Select all
root@localhost:~# dpkg -i nagios-agent_1.0-2ppa2_all.deb
(Reading database ... 122716 files and directories currently installed.)
Preparing to replace nagios-agent 1.0-2ppa2 (using nagios-agent_1.0-2ppa2_all.deb) ...
Unpacking replacement nagios-agent ...
dpkg: dependency problems prevent configuration of nagios-agent:
nagios-agent depends on nagios-nrpe-server; however:
Package nagios-nrpe-server is not installed.
nagios-agent depends on nagios-plugins; however:
Package nagios-plugins is not installed.
nagios-agent depends on nagios-snmp-plugins; however:
Package nagios-snmp-plugins is not installed.
nagios-agent depends on gawk; however:
Package gawk is not installed.
dpkg: error processing nagios-agent (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
nagios-agent
Please suggest how we can install these dependencies or compile plugins from source for ubuntu.
PS: We have managed to install the agent through repository on one of our Ubuntu servers which is out of DMZ, however this server is Version 10.04 while the ones in DMZ is 11.04, Please suggest if we can move the NRPE files as we did for RHEL server.
Re: Installing NRPE agent on a DMZ server
Posted: Wed Jun 11, 2014 5:04 pm
by tmcdonald
If you are going to move binaries I would try to build an identical 11.04 box that you can install onto and move the binaries from there. Make it as close as possible to your DMZ server for best measure.