Nagios Support Forum • Nagiosql login failed on upgrade from XI 2012R2.9 to latest

Page 1 of 2

Nagiosql login failed on upgrade from XI 2012R2.9 to latest

Posted: Mon Mar 09, 2015 12:01 pm

by perric

Hi all,

I'm running into an issue upgrading our very small development environment from an older version of Nagios XI (2012 R2.9) to latest. This is a test before upgrading our much larger production installation.

After resolving the issue with ghost config files (http://support.nagios.com/wiki/index.ph ... 14_Upgrade), the upgrade proceeded for several minutes before bombing out at the XI template installation:

Code: Select all

Installing new XI templates...
URL: http://localhost/nagiosxi/includes/components/ccm/
CMDLINE
/usr/bin/wget --save-cookies nagiosql.cookies --keep-session-cookies http://localhost/nagiosxi/includes/components/ccm/ --no-check-certificate --post-data 'submit=Login&hidelog=true&loginSubmitted=true&username=nagiosxi&password=64r4nu' -O nagiosql.login--2015-03-09 12:08:28--  http://localhost/nagiosxi/includes/components/ccm/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:80... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
2015-03-09 12:08:28 ERROR 500: Internal Server Error.

NAGIOSQL LOGIN FAILED!

The apache error_log complains about required files and permissions:

Code: Select all

[root@cawlkl24 httpd]# tail error_log
[Mon Mar 09 12:53:22 2015] [error] [client ::1] PHP Warning:  require_once(/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php): failed to open stream: Permission denied in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:53:22 2015] [error] [client ::1] PHP Fatal error:  require_once(): Failed opening required '/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:53:42 2015] [error] [client ::1] PHP Warning:  require_once(/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php): failed to open stream: Permission denied in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:53:42 2015] [error] [client ::1] PHP Fatal error:  require_once(): Failed opening required '/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:54:01 2015] [error] [client ::1] PHP Warning:  require_once(/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php): failed to open stream: Permission denied in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:54:01 2015] [error] [client ::1] PHP Fatal error:  require_once(): Failed opening required '/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:54:22 2015] [error] [client ::1] PHP Warning:  require_once(/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php): failed to open stream: Permission denied in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:54:22 2015] [error] [client ::1] PHP Fatal error:  require_once(): Failed opening required '/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:54:42 2015] [error] [client ::1] PHP Warning:  require_once(/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php): failed to open stream: Permission denied in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19
[Mon Mar 09 12:54:42 2015] [error] [client ::1] PHP Fatal error:  require_once(): Failed opening required '/usr/local/nagiosxi/html/backend/includes/handler-config.inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/nagiosxi/html/backend/includes/handlers.inc.php on line 19

However, all of the files and directories in /usr/local/nagiosxi/html and the children are owned by nagios:nagios.

System Info
Manual install of NagiosXI on Oracle Enterprise Linux 64bit (uname -a: Linux cawlkl24.pramericas.com 3.8.13-55.1.5.el6uek.x86_64 #2 SMP Wed Jan 28 17:03:28 PST 2015 x86_64 x86_64 x86_64 GNU/Linux)
No special configs
Upgrade log attached

Thanks in advance

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 1:01 pm

by tgriep

Go you have a proxy setup on this server?
Can you run this and post the output back here?

Code: Select all

cat /etc/wgetrc

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 1:15 pm

by perric

No proxy.

All of the content of /etc/wgetrc is commented

Code: Select all

[root@cawlkl24 httpd]# cat /etc/wgetrc
###
### Sample Wget initialization file .wgetrc
###

## You can use this file to change the default behaviour of wget or to
## avoid having to type many many command-line options. This file does
## not contain a comprehensive list of commands -- look at the manual
## to find out what you can put into this file.
##
## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
## as well as change them, in most cases, as the values on the
## commented-out lines are the default values (e.g. "off").


##
## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##

# You can set retrieve quota for beginners by specifying a value
# optionally followed by 'K' (kilobytes) or 'M' (megabytes).  The
# default quota is unlimited.
#quota = inf

# You can lower (or raise) the default number of retries when
# downloading a file (default is 20).
#tries = 20

# Lowering the maximum depth of the recursive retrieval is handy to
# prevent newbies from going too "deep" when they unwittingly start
# the recursive retrieval.  The default is 5.
#reclevel = 5

# By default Wget uses "passive FTP" transfer where the client
# initiates the data connection to the server rather than the other
# way around.  That is required on systems behind NAT where the client
# computer cannot be easily reached from the Internet.  However, some
# firewalls software explicitly supports active FTP and in fact has
# problems supporting passive transfer.  If you are in such
# environment, use "passive_ftp = off" to revert to active FTP.
#passive_ftp = off

# The "wait" command below makes Wget wait between every connection.
# If, instead, you want Wget to wait only between retries of failed
# downloads, set waitretry to maximum number of seconds to wait (Wget
# will use "linear backoff", waiting 1 second after the first failure
# on a file, 2 seconds after the second failure, etc. up to this max).
#waitretry = 10


##
## Local settings (for a user to set in his $HOME/.wgetrc).  It is
## *highly* undesirable to put these settings in the global file, since
## they are potentially dangerous to "normal" users.
##
## Even when setting up your own ~/.wgetrc, you should know what you
## are doing before doing so.
##

# Set this to on to use timestamping by default:
#timestamping = off

# It is a good idea to make Wget send your email address in a `From:'
# header with your request (so that server administrators can contact
# you in case of errors).  Wget does *not* send `From:' by default.
#header = From: Your Name <[email protected]>

# You can set up other headers, like Accept-Language.  Accept-Language
# is *not* sent by default.
#header = Accept-Language: en

# You can set the default proxies for Wget to use for http, https, and ftp.
# They will override the value in the environment.
#https_proxy = http://proxy.yoyodyne.com:18023/
#http_proxy = http://proxy.yoyodyne.com:18023/
#ftp_proxy = http://proxy.yoyodyne.com:18023/

# If you do not want to use proxy at all, set this to off.
#use_proxy = on

# You can customize the retrieval outlook.  Valid options are default,
# binary, mega and micro.
#dot_style = default

# Setting this to off makes Wget not download /robots.txt.  Be sure to
# know *exactly* what /robots.txt is and how it is used before changing
# the default!
#robots = on

# It can be useful to make Wget wait between connections.  Set this to
# the number of seconds you want Wget to wait.
#wait = 0

# You can force creating directory structure, even if a single is being
# retrieved, by setting this to on.
#dirstruct = off

# You can turn on recursive retrieving by default (don't do this if
# you are not sure you know what it means) by setting this to on.
#recursive = off

# To always back up file X as X.orig before converting its links (due
# to -k / --convert-links / convert_links = on having been specified),
# set this variable to on:
#backup_converted = off

# To have Wget follow FTP links from HTML files by default, set this
# to on:
#follow_ftp = off

# To try ipv6 addresses first:
#prefer-family = IPv6

# Set default IRI support state
#iri = off

# Force the default system encoding
#locale = UTF-8

# Force the default remote server encoding
#remoteencoding = UTF-8

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 1:27 pm

by abrist

What are the permissions of:

Code: Select all

ls -la /usr/local/nagiosxi/html/backend/includes/handler-config.inc.php

Is php-pear and its related template package installed?

Code: Select all

yum list installed | grep pear

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 1:38 pm

by perric

handler-config.inc.php is 600 and looks like pear and the template is installed

Code: Select all

[root@cawlkl24 httpd]# ls -la /usr/local/nagiosxi/html/backend/includes/handler-config.inc.php
-rw------- 1 nagios nagios 458 Mar  9 12:08 /usr/local/nagiosxi/html/backend/includes/handler-config.inc.php

Code: Select all

[root@cawlkl24 httpd]# yum list installed | grep pear
php-pear.noarch                    1:1.9.4-4.el6              @public_ol6_latest
php-pear-HTML-Template-IT.noarch   1.3.0-2.el5                @/php-pear-HTML-Template-IT-1.3.0-2.el5.noarch

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 1:41 pm

by abrist

The file /usr/local/nagiosxi/html/backend/includes/handler-config.inc.php should have group read permissions as apache needs access to this file (apache should be a member of the nagios group):

Code: Select all

chmod g+r /usr/local/nagiosxi/html/backend/includes/handler-config.inc.php

Code: Select all

grep nag /etc/group

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 1:46 pm

by perric

I adjusted the permissions of the file in question and confirmed apache is in the nagios group.

It's giving me a different error (well the same error but on a different include file). Should I add group read to the entire html subdirectory?

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 2:43 pm

by lmiltchev

What are the permissions on the html directory at the moment?

Code: Select all

ll -d /usr/local/nagiosxi/html
ll /usr/local/nagiosxi/html

Also, you didn't show us the output of:

Code: Select all

grep nag /etc/group

Can you run the following commands and post the "upgrade.txt" file that was generated in the "/tmp/" directory?

Code: Select all

cd /tmp/nagiosxi
./upgrade | tee /tmp/upgrade.txt

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 2:49 pm

by perric

Code: Select all

[root@cawlkl24 httpd]# ll -d /usr/local/nagiosxi/html
drwxr-xr-x 18 nagios nagios 4096 May  6  2014 /usr/local/nagiosxi/html
[root@cawlkl24 httpd]# ll  /usr/local/nagiosxi/html
total 336
drwxr-x---  2 nagios nagios   4096 May  6  2014 about
drwxr-x---  2 nagios nagios   4096 May  6  2014 account
drwxr-x---  2 nagios nagios   4096 May  6  2014 addons
drwxr-x---  2 nagios nagios   4096 May  6  2014 admin
-rwxr-x---  1 nagios nagios  24882 Mar  9 12:08 ajaxhelper.php
-rwxr-x---  1 nagios nagios   1705 Mar  9 12:08 ajaxproxy.php
drwxr-x---  3 nagios nagios   4096 May  6  2014 backend
drwxr-x---  3 nagios nagios   4096 May  6  2014 config
-rwx------  1 nagios nagios   8159 Mar  9 12:08 config.inc.dist
-rwxr-x---  1 nagios nagios   8159 Mar  9 12:08 config.inc.php
-rwx------  1 nagios nagios   8159 Mar  9 12:08 config.inc.saved
drwxr-x---  2 nagios nagios   4096 May  6  2014 dashboards
drwxr-x---  4 nagios nagios   4096 May  6  2014 db
drwxr-x---  3 nagios nagios   4096 May  6  2014 downloads
drwxr-x---  2 nagios nagios   4096 May  6  2014 help
drwxr-x---  4 nagios nagios  12288 Mar  9 12:08 images
drwxr-x--- 12 nagios nagios   4096 May  6  2014 includes
-rwxr-x---  1 nagios nagios   1072 Mar  9 12:08 index.php
-rwxr-x---  1 nagios nagios  10470 Mar  9 12:08 install.php
-rwxr-x---  1 nagios nagios 145812 Mar  9 12:08 login.php
-rw-------  1 nagios nagios   2399 Mar  9 12:08 loginsplash.inc.dist
-rw-r-----  1 nagios nagios   2212 Mar  9 12:08 loginsplash.inc.php
-rw-------  1 nagios nagios   2212 Mar  9 12:08 loginsplash.inc.saved
drwxr-x---  2 nagios nagios   4096 May  6  2014 perfgraphs
drwxr-x---  2 nagios nagios   4096 Mar  9 12:08 reports
-rw-r-----  1 nagios nagios  20515 Mar  9 12:08 rr.php
-rwxr-x---  1 nagios nagios   7314 Mar  9 12:08 suggest.php
drwxr-x---  2 nagios nagios   4096 May  6  2014 tools
-rwxr-x---  1 nagios nagios   1979 Mar  9 12:08 upgrade.php
drwxr-x---  2 nagios nagios   4096 May  6  2014 views

Apache is in the group for nagios

Code: Select all

[root@cawlkl24 httpd]# cat /etc/group | grep nagios
nagios:x:500:nagios,apache
nagcmd:x:501:nagios,apache

Upgrade file is attached. The web interface is still down because there are more files under the html directory that are missing group read.

Re: Nagiosql login failed on upgrade from XI 2012R2.9 to lat

Posted: Mon Mar 09, 2015 3:05 pm

by tgriep

Yes, they all should have group read set.