NCPA Issues on install
Posted: Thu Aug 27, 2015 11:24 am
Nagios XI server Specs:
CentOS 6.7 x86_64
Manual Install
Using SSL for Web interface
Test Server Specs:
CentOS 7.1.1503 x86_64
Guys/Gals,
I just started test deploying NCPA and have come across a few issues that I'm trying to figure out.
First and foremost is the fact the ncpa_listener and ncpa_passive service both run as root even though i've specified a different user in my ncpa.cfg (see below)
the services all seem to run under root. Is there something I've got configured incorrectly that would be causing this?
root 717 0.0 2.3 333256 23500 ? Sl Aug25 0:42 ./ncpa_posix_listener --start
root 1772 0.0 2.1 246656 21900 ? S Aug25 0:32 /usr/local/ncpa/ncpa_posix_passive --start
The second thing is the permissions for the configuration and log files. They appear to be world readable in default form, this means that the security token used to pass data back and forth to the Nagios server is visible to all users. Is this proper operation? Or should I stick with `chmod 600 /usr/local/ncpa/etc/ncpa.cfg` and in my case `chmod -R 600 /var/log/ncpa`. The only downside to that is that the rotated logs end up with the wrong permissions again.
The third and final thing is all the errors in the ncpa_passive log. It appears to be having issues in running the passive checks. I'm not even sure what I'm trying to track down there.
Any help/direction would be appreciated
-Wayne
---BEGIN NCPA.cfg---
[listener]
uid = nagios
certificate = adhoc
loglevel = info
ip = 0.0.0.0
gid = nagcmd
logfile = /var/log/ncpa/ncpa_listener.log
port = 5693
pidfile = var/ncpa_listener.pid
# Available versions: PROTOCOL SSLv2, SSLv3, TLSv1
ssl_version = TLSv1
[passive]
uid = nagios
handlers = nrds,nrdp
loglevel = info
gid = nagcmd
sleep = 300
logfile = /var/log/ncpa/ncpa_passive.log
pidfile = var/ncpa_passive.pid
[nrdp]
token = REDACTED
hostname = REDACTED
parent = https://REDACTED/nrdp/
[nrds]
URL = https://REDACTED/nrdp/
CONFIG_VERSION = 0.1
TOKEN = REDACTED
CONFIG_NAME = Main
CONFIG_OS = Linux
[api]
community_string = MajesticThunderNuggetis1337
[plugin directives]
plugin_path = plugins/
.sh = /bin/sh $plugin_name $plugin_args
.ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args
.vbs = cscript $plugin_name $plugin_args //NoLogo
[passive checks]
%HOSTNAME%|cpu usage = /cpu/percent --warning 80 --critical 90
%HOSTNAME%|swap usage = /memory/swap/percent --warning 80 --critical 90
%HOSTNAME%|memory usage = /memory/virtual/percent --warning 80 --critical 95
---END NCPA.cfg---
---BEGIN ncpa_passive.log---
2015-08-27 12:20:38,858 1772 INFO Establishing passive handler: Handler
2015-08-27 12:20:38,861 1772 INFO Starting new HTTPS connection (1): REDACTED
2015-08-27 12:20:38,886 1772 ERROR no element found: line 1, column 0
Traceback (most recent call last):
File "ncpa_posix_passive.py", line 41, in run_all_handlers
File "/root/Development/ncpa/agent/passive/nrds.py", line 37, in run
File "/root/Development/ncpa/agent/passive/nrds.py", line 137, in config_update_is_required
File "/usr/local/lib/python2.7/xml/etree/ElementTree.py", line 1301, in XML
File "/usr/local/lib/python2.7/xml/etree/ElementTree.py", line 1654, in close
File "/usr/local/lib/python2.7/xml/etree/ElementTree.py", line 1506, in _raiseerror
ParseError: no element found: line 1, column 0
2015-08-27 12:20:38,886 1772 INFO Establishing passive handler: Handler
2015-08-27 12:20:38,887 1772 ERROR Cannot parse passive directive for loglevel, name malformed, skipping.
2015-08-27 12:20:38,887 1772 ERROR Cannot parse passive directive for logmaxmb, name malformed, skipping.
2015-08-27 12:20:38,887 1772 ERROR Cannot parse passive directive for gid, name malformed, skipping.
2015-08-27 12:20:38,888 1772 ERROR Cannot parse passive directive for logbackups, name malformed, skipping.
2015-08-27 12:20:38,888 1772 ERROR Cannot parse passive directive for uid, name malformed, skipping.
2015-08-27 12:20:38,888 1772 INFO Running check: /cpu/percent --warning 80 --critical 90
2015-08-27 12:20:39,895 1772 INFO Running check: /memory/swap/percent --warning 80 --critical 90
2015-08-27 12:20:39,899 1772 INFO Running check: /memory/virtual/percent --warning 80 --critical 95
2015-08-27 12:20:39,904 1772 INFO Starting new HTTPS connection (1): REDACTED
2015-08-27 12:20:39,924 1772 ERROR no element found: line 1, column 0
Traceback (most recent call last):
File "ncpa_posix_passive.py", line 41, in run_all_handlers
File "/root/Development/ncpa/agent/passive/nrdp.py", line 112, in run
File "/root/Development/ncpa/agent/passive/nrdp.py", line 166, in submit_to_nagios
File "/root/Development/ncpa/agent/passive/nrdp.py", line 132, in log_result
File "/usr/local/lib/python2.7/xml/dom/minidom.py", line 1928, in parseString
File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 940, in parseString
File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 223, in parseString
---END ncpa_passive.log
CentOS 6.7 x86_64
Manual Install
Using SSL for Web interface
Test Server Specs:
CentOS 7.1.1503 x86_64
Guys/Gals,
I just started test deploying NCPA and have come across a few issues that I'm trying to figure out.
First and foremost is the fact the ncpa_listener and ncpa_passive service both run as root even though i've specified a different user in my ncpa.cfg (see below)
the services all seem to run under root. Is there something I've got configured incorrectly that would be causing this?
root 717 0.0 2.3 333256 23500 ? Sl Aug25 0:42 ./ncpa_posix_listener --start
root 1772 0.0 2.1 246656 21900 ? S Aug25 0:32 /usr/local/ncpa/ncpa_posix_passive --start
The second thing is the permissions for the configuration and log files. They appear to be world readable in default form, this means that the security token used to pass data back and forth to the Nagios server is visible to all users. Is this proper operation? Or should I stick with `chmod 600 /usr/local/ncpa/etc/ncpa.cfg` and in my case `chmod -R 600 /var/log/ncpa`. The only downside to that is that the rotated logs end up with the wrong permissions again.
The third and final thing is all the errors in the ncpa_passive log. It appears to be having issues in running the passive checks. I'm not even sure what I'm trying to track down there.
Any help/direction would be appreciated
-Wayne
---BEGIN NCPA.cfg---
[listener]
uid = nagios
certificate = adhoc
loglevel = info
ip = 0.0.0.0
gid = nagcmd
logfile = /var/log/ncpa/ncpa_listener.log
port = 5693
pidfile = var/ncpa_listener.pid
# Available versions: PROTOCOL SSLv2, SSLv3, TLSv1
ssl_version = TLSv1
[passive]
uid = nagios
handlers = nrds,nrdp
loglevel = info
gid = nagcmd
sleep = 300
logfile = /var/log/ncpa/ncpa_passive.log
pidfile = var/ncpa_passive.pid
[nrdp]
token = REDACTED
hostname = REDACTED
parent = https://REDACTED/nrdp/
[nrds]
URL = https://REDACTED/nrdp/
CONFIG_VERSION = 0.1
TOKEN = REDACTED
CONFIG_NAME = Main
CONFIG_OS = Linux
[api]
community_string = MajesticThunderNuggetis1337
[plugin directives]
plugin_path = plugins/
.sh = /bin/sh $plugin_name $plugin_args
.ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args
.vbs = cscript $plugin_name $plugin_args //NoLogo
[passive checks]
%HOSTNAME%|cpu usage = /cpu/percent --warning 80 --critical 90
%HOSTNAME%|swap usage = /memory/swap/percent --warning 80 --critical 90
%HOSTNAME%|memory usage = /memory/virtual/percent --warning 80 --critical 95
---END NCPA.cfg---
---BEGIN ncpa_passive.log---
2015-08-27 12:20:38,858 1772 INFO Establishing passive handler: Handler
2015-08-27 12:20:38,861 1772 INFO Starting new HTTPS connection (1): REDACTED
2015-08-27 12:20:38,886 1772 ERROR no element found: line 1, column 0
Traceback (most recent call last):
File "ncpa_posix_passive.py", line 41, in run_all_handlers
File "/root/Development/ncpa/agent/passive/nrds.py", line 37, in run
File "/root/Development/ncpa/agent/passive/nrds.py", line 137, in config_update_is_required
File "/usr/local/lib/python2.7/xml/etree/ElementTree.py", line 1301, in XML
File "/usr/local/lib/python2.7/xml/etree/ElementTree.py", line 1654, in close
File "/usr/local/lib/python2.7/xml/etree/ElementTree.py", line 1506, in _raiseerror
ParseError: no element found: line 1, column 0
2015-08-27 12:20:38,886 1772 INFO Establishing passive handler: Handler
2015-08-27 12:20:38,887 1772 ERROR Cannot parse passive directive for loglevel, name malformed, skipping.
2015-08-27 12:20:38,887 1772 ERROR Cannot parse passive directive for logmaxmb, name malformed, skipping.
2015-08-27 12:20:38,887 1772 ERROR Cannot parse passive directive for gid, name malformed, skipping.
2015-08-27 12:20:38,888 1772 ERROR Cannot parse passive directive for logbackups, name malformed, skipping.
2015-08-27 12:20:38,888 1772 ERROR Cannot parse passive directive for uid, name malformed, skipping.
2015-08-27 12:20:38,888 1772 INFO Running check: /cpu/percent --warning 80 --critical 90
2015-08-27 12:20:39,895 1772 INFO Running check: /memory/swap/percent --warning 80 --critical 90
2015-08-27 12:20:39,899 1772 INFO Running check: /memory/virtual/percent --warning 80 --critical 95
2015-08-27 12:20:39,904 1772 INFO Starting new HTTPS connection (1): REDACTED
2015-08-27 12:20:39,924 1772 ERROR no element found: line 1, column 0
Traceback (most recent call last):
File "ncpa_posix_passive.py", line 41, in run_all_handlers
File "/root/Development/ncpa/agent/passive/nrdp.py", line 112, in run
File "/root/Development/ncpa/agent/passive/nrdp.py", line 166, in submit_to_nagios
File "/root/Development/ncpa/agent/passive/nrdp.py", line 132, in log_result
File "/usr/local/lib/python2.7/xml/dom/minidom.py", line 1928, in parseString
File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 940, in parseString
File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 223, in parseString
---END ncpa_passive.log