box293_check_vmware configuration problem

Posted: Thu Jan 15, 2015 1:32 pm
by highness
Been following the instructions on standing up a VMA server that Troy Lea (aka box293) wrote. The documentation is pretty well written, but I've run into an issue that I can't resolve.

I've been able to get the password-less SSH configured (it all works from the command line without issues), but the issue is when I try to configure the wizard;

On the Admin --> Manage Components --> Edit Setting for VMware vMA Settings Manager

I've configured the VMA server, but when I select TEST for the SSH Configuration I get the following:

There was an issue establishing an SSH session with the vMA host 10.XXX.XXX.XXX!
The output is as follows:
Welcome to vSphere Management Assistant
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
Please refer to the box293_check_vmware manual on how to configure this Nagios host to communicate with the vMA host.

When I look at /var/log/messages I see this:

Jan 15 10:25:40 vma01 sshd[23637]: Failed password for vi-admin from 10.YYY.YYY.YYY port 49873 ssh2
Jan 15 10:25:40 vma01 sshd[23637]: Failed password for vi-admin from 10.YYY.YYY.YYY port 49873 ssh2
Jan 15 10:25:40 vma01 sshd[23637]: Connection closed by 10.YYY.YYY.YYY [preauth]

When I try to do a TEST from the VMware Settings tab, I pick the VMA server and one of my vCenter servers, I see this:

Credentials test did not perform as expected on the vMA host 10.XXX.XXX.XXX connecting to the VMware server 10.ZZZ.ZZZ.ZZZ!
Please refer to the box293_check_vmware manual on how to configure the credentials on the vMA host.
Output from command:
UNKNOWN - check_by_ssh: Remote command '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version' returned status 255

What am I missing?

Re: box293_check_vmware configuration problem

Posted: Thu Jan 15, 2015 7:12 pm
by Box293
Sorry to hear you're having problems.

First question, in your data you've supplied you have:
10.XXX.XXX.XXX = your vMA host
10.ZZZ.ZZZ.ZZZ = your vCenter server

When following the documentation to create the certificates and transfer them to the vMA, are you using the 10.XXX.XXX.XXX IP address or a DNS name?

Try these commands and post back the results please:
The following commands will be done as the nagios user

su nagios
Does this command prompt you for credentials? If you do login or are not prompted for credentials, type exit to end the SSH session and return to the nagios host.

Does this command prompt you for credentials, what is the output?

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'
We'll stop being the nagios user now, type exit

The following commands will be done as the apache user:

su -s /bin/sh apache
Does this command prompt you for credentials? If you do login or are not prompted for credentials, type exit to end the SSH session and return to the nagios host.

Does this command prompt you for credentials, what is the output?

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'
Also, provide the output from these commands:

ls -al /var/www/

ls -al /var/www/.ssh/
Do these commands produce output? Don't post the output here.

cat /var/www/.ssh/id_dsa

cat /var/www/.ssh/known_hosts
We'll stop being the apache user now, type exit

Also, what version of check_by_ssh do you have?

/usr/local/nagios/libexec/check_by_ssh -V

Re: box293_check_vmware configuration problem

Posted: Fri Jan 16, 2015 11:26 am
by highness
Box293 wrote: First question, in your data you've supplied you have:
10.XXX.XXX.XXX = your vMA host
10.ZZZ.ZZZ.ZZZ = your vCenter server

When following the documentation to create the certificates and transfer them to the vMA, are you using the 10.XXX.XXX.XXX IP address or a DNS name?
Yes, you are correct - 10.XXX.XXX.XXX is the vMA host and 10.ZZZ.ZZZ.ZZZ = my vCenter server and I'm using just the IP address, not DNS.

Box293 wrote:

su nagios
Does this command prompt you for credentials?
This works without prompting.
Box293 wrote: Does this command prompt you for credentials, what is the output?

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'
It returns
Version: 2014-12-13
Box293 wrote: Does this command prompt you for credentials?
It does prompt for credentials.

Welcome to vSphere Management Assistant
Enter passphrase for key '/var/www/.ssh/id_dsa':
[email protected]'s password:

Box293 wrote:Does this command prompt you for credentials, what is the output?

/usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H 10.XXX.XXX.XXX -C '~/box293_check_vmware.pl --server 10.ZZZ.ZZZ.ZZZ --version'
This does prompt for credentials. After I enter credentials (and add a -t 30 to the command), this returns:

box293_check_vmware Version: 2014-12-13
Box293 wrote: Also, provide the output from these commands:

ls -al /var/www/
apache@fe1(Linux) $ ls -al /var/www/
total 32
drwxr-xr-x. 8 root root 4096 Dec 18 14:23 .
drwxr-xr-x. 21 root root 4096 May 13 2014 ..
drwxr-xr-x. 2 root root 4096 Mar 20 2014 cgi-bin
drwxr-xr-x. 3 root root 4096 May 13 2014 error
drwxr-xr-x. 3 root root 4096 May 14 2014 html
drwxr-xr-x. 3 root root 4096 May 13 2014 icons
drwxr-xr-x. 2 root root 4096 May 13 2014 mrtg
drwxr-xr-x+ 2 root root 4096 Jan 14 14:11 .ssh
Box293 wrote:

ls -al /var/www/.ssh/
apache@fe1(Linux) $ ls -al /var/www/.ssh/
total 40
drwxr-xr-x+ 2 root root 4096 Jan 14 14:11 .
drwxr-xr-x. 8 root root 4096 Dec 18 14:23 ..
-rw------- 1 root root 672 Jan 14 13:57 id_dsa
-rw-r--r-- 1 root root 615 Jan 14 14:11 id_dsa.pub
-rw-r-xr--+ 1 root root 8771 Jan 14 13:54 known_hosts
-rw-r-xr-- 1 root root 8771 Jan 14 13:53 known_hosts.old
Box293 wrote: Do these commands produce output? Don't post the output here.

cat /var/www/.ssh/id_dsa
cat /var/www/.ssh/id_dsa
cat: /var/www/.ssh/id_dsa: Permission denied

Box293 wrote:cat /var/www/.ssh/known_hosts
This does show file contents
Box293 wrote:Also, what version of check_by_ssh do you have?

/usr/local/nagios/libexec/check_by_ssh -V
check_by_ssh v2.0.3 (nagios-plugins 2.0.3)

Re: box293_check_vmware configuration problem

Posted: Fri Jan 16, 2015 1:49 pm
by tgriep
Does the authorized_keys file on the server 10.XXX.XXX.XXX have the information from the XI server's id_dsa.pub file?

Re: box293_check_vmware configuration problem

Posted: Fri Jan 16, 2015 3:30 pm
by highness
tgriep wrote:Does the authorized_keys file on the server 10.XXX.XXX.XXX have the information from the XI server's id_dsa.pub file?
Yeah, it does...

Re: box293_check_vmware configuration problem

Posted: Fri Jan 16, 2015 5:50 pm
by Box293
highness wrote:apache@fe1(Linux) $ ls -al /var/www/.ssh/
total 40
drwxr-xr-x+ 2 root root 4096 Jan 14 14:11 .
drwxr-xr-x. 8 root root 4096 Dec 18 14:23 ..
-rw------- 1 root root 672 Jan 14 13:57 id_dsa
-rw-r--r-- 1 root root 615 Jan 14 14:11 id_dsa.pub
-rw-r-xr--+ 1 root root 8771 Jan 14 13:54 known_hosts
-rw-r-xr-- 1 root root 8771 Jan 14 13:53 known_hosts.old
This file has the wrong permissions
-rw------- 1 root root 672 Jan 14 13:57 id_dsa

highness wrote:cat /var/www/.ssh/id_dsa
cat: /var/www/.ssh/id_dsa: Permission denied
This output confirms the permissions are incorrect.


SSH to the Nagios XI box as root and execute this command.

setfacl -R -m u:apache:r-x /var/www/.ssh/
Now go back to the "VMware vMA Settings Manager" component and from the "vMA Hosts" tab do the SSH Configuration TEST.
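
The diagnosis in the post above, as an added example that is not part of the original thread: a shell function that reads `ls -l` lines and reports whether a user can read each file from the owner/group/other bits, answering check-acl when a trailing "+" means the result depends on ACL entries that ls does not show. The listing is the one posted in the thread; that apache belongs only to the group apache is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): classify read access from `ls -l` lines.
# Assumption: USER_GROUPS is the space-separated group list of the user.

# can_read USER "USER_GROUPS" "LS_LINE"  ->  prints yes | no | check-acl
can_read() {
    cr_user=$1; cr_groups=$2
    set -f                  # no globbing while the ls line is split
    set -- $3               # now $1=mode $3=owner $4=group
    set +f
    cr_mode=$1; cr_owner=$3; cr_group=$4
    if [ "$cr_user" = root ]; then echo yes; return 0; fi
    if [ "$cr_owner" = "$cr_user" ]; then
        cr_bit=$(printf '%s' "$cr_mode" | cut -c2)          # owner r bit
    else
        case $cr_mode in
            *+) echo check-acl; return 0 ;;   # named ACL entries: ask getfacl
        esac
        cr_bit=$(printf '%s' "$cr_mode" | cut -c8)          # other r bit
        for cr_g in $cr_groups; do
            if [ "$cr_g" = "$cr_group" ]; then
                cr_bit=$(printf '%s' "$cr_mode" | cut -c5)  # group r bit
            fi
        done
    fi
    if [ "$cr_bit" = r ]; then echo yes; else echo no; fi
}

# Listing copied from the thread (ls -al /var/www/.ssh/), trimmed to four entries.
LISTING='drwxr-xr-x+ 2 root root 4096 Jan 14 14:11 .
-rw------- 1 root root 672 Jan 14 13:57 id_dsa
-rw-r--r-- 1 root root 615 Jan 14 14:11 id_dsa.pub
-rw-r-xr--+ 1 root root 8771 Jan 14 13:54 known_hosts'

# audit USER "USER_GROUPS": one "name result" line per entry in $LISTING
audit() {
    printf '%s\n' "$LISTING" | while IFS= read -r au_line; do
        printf '%s %s\n' "${au_line##* }" "$(can_read "$1" "$2" "$au_line")"
    done
}

audit apache apache
```

For apache the id_dsa entry comes back as no, which matches the Permission denied from cat; entries reported as check-acl are resolved by running getfacl on /var/www/.ssh/.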

Re: box293_check_vmware configuration problem

Posted: Fri Jan 16, 2015 6:06 pm
by highness
You, sir, are a GENIUS!

The checks now both work!

Now on to adding the guest VMs!

Thank you VERY much!

Re: box293_check_vmware configuration problem

Posted: Fri Jan 16, 2015 6:16 pm
by Box293
Great stuff, glad we could get it working.