Nagios Support Forum

We encountered such a problem that the compiled Nagios NRPE agent codes on Redhat 6.5 node failed to work on Redhat 6.2 node or Redhat 6.4 node due to the issue of different openssl/openssl-devel version installed. For example, we have openssl-1.0.1e-16.el6_5.15.x86_64 and openssl-devel-1.0.1e-16.el6_5.15.x86_64 installed on a Redhat 6.5 node and we compiled the NRPE v2.15 on it. When we copied the codes to a Redhat 6.2 node that has openssl-devel-1.0.0-20.el6.x86_64 and openssl-1.0.0-20.el6.x86_64 installed, we received an "CHECK_NRPE: Error - Could not complete SSL handshake" message when running check_nrpe locally or remotely on the Nagiuos XI server that is allowed to access this Nagios NRPE managed node. It is believed this error was due to the different version of openssl and openssl-devel that are installed on the Nagios NRPE managed node, comparing the openssl and openssl-devel used for compiling the codes on the Redhat 6.5 node. So we had to compile Nagios NRPE v2.15 codes on the Redhat 6.2 node to make it work. So this brings up two questions:
1) we may have to compile Nagios NRPE agent codes on different Redhat 6.x releases, depending on the versions of openssl and openssl-devel on Redhat 6.x nodes. So we may not be able to use the same compiled codes for other Redhat 6.x releases.
2) Even the Nagios NRPE agent codes are working fine on a Redhat 6.x node, once the openssl and openssl-devel are upgraded to a newer version, it may probably break the current Nagios NRPE agent codes on this node, and then we would have to recompile the Nagios NRPE agent codes with the newer version of openssl and openssl-devel.

What is a solution or suggestion to deal with this issue? We have Nagios XI 2014R2.7 and Nagios NRPE v2.15.

Thanks!

Can I get some clarification on the scope of what you're trying to accomplish here?

Are you just trying to make it so you can copy the binary from machine to machine instead of compiling it on each machine?

xlin125 wrote: we received an "CHECK_NRPE: Error - Could not complete SSL handshake" message when running check_nrpe locally or remotely on the Nagiuos XI server that is allowed to access this Nagios NRPE managed node

You're copying the configuration files over too, I assume?

To me it seems like you're making more work for yourself than necessary.. the steps to install and compile NRPE are pretty minimal.
This wouldn't be very hard to script, the fullinstall script does ask for you to for some manual input but I'm sure you could modify that to meet your needs.

Yes, manually installing the Nagios NRPE agent on a machine is easy, but we are asked to package the Nagios NRPE agent software so that we can install it on production machines that normally do not have Internet access, and gcc compiler is not allowed on these machines. So, the normal way, as documented in the installation guide, to install a NRPE agent does not meet our needs.

When we take the compiled NRPE agent codes under /usr/local/nagios as well as other configuration files, we can build a NRPE agent package. That way, we can install it on a machine without going through the compiling again, and it only takes less than 10 seconds to install it. When we deal with the NRPE agent installation on a large number of machines using this package, that gives us a huge benefits, particularly for the production machines. The concern of doing this is that the Linux upgrade may break the NRPE agent. This post just points out a potential problem that affects check_nrpe by different openssl/openssl-devel version or upgrade. The subject of this post may not reflect what I really wanted to ask.

Thanks!

We will need to discuss this with our developers and will get back to you within the next 24 hours. Thank you!

This is kind of outside of our scope, but I did a quick google and came up with this patch that allows you to statically link openssl:

http://permalink.gmane.org/gmane.networ ... devel/4882

That's not going to solve all of your problems though. You'll have a lot of similar issues with plugins.