Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

nrpe errors (maybe ssl related)

https://support.nagios.com/forum/viewtopic.php?t=41578

Page 1 of 1

nrpe errors (maybe ssl related)

Posted: Tue Dec 13, 2016 7:44 pm
by Hikerguy86
Hi,

i am trying to roll out nrpe across our fleet of Linux servers. I am installing the packages from the EPEL repos (4.x, 5.x, 6.x, 7.x)

on a few servers so far I have noticed different behavior when it comes to connecting, even locally with check_nrpe. On some of the servers, just installing nrpe and then uploading the cfg file and starting the service will work and it comes up ok in Nagios. However on other servers it seems like there are ssl errors.

Code: Select all

tail -1 /var/log/messages
nrpe[12722]: Error: Could not complete SSL handshake. 1
so I added "--no-ssl" to the /etc/sysconfig/nrpe file and restarted nrpe service

Code: Select all

/usr/lib/nagios/plugins/check_nrpe -H 127.0.0.1 -n
NRPE v2.15
so far so good, now let's try a check:

Code: Select all

/usr/lib/nagios/plugins/check_nrpe -H 127.0.0.1 -n -c check_users
NRPE: Unable to read output
ok, what does /var/log/messages say:

Code: Select all

nrpe[12857]: Could not read request from client, bailing out...
notice this is all local, but the same error is received on the remote Nagios host as well. I'm unsure how to resolve it from here. When I don't use the -n option on these problem hosts as compared to the -n option:

Code: Select all

./check_nrpe -H 127.0.0.1 -c check_cpu
CHECK_NRPE: Socket timeout after 10 seconds.

./check_nrpe -H 127.0.0.1 -c check_cpu -n
NRPE: Unable to read output
check times out no matter how long the timeout (-t) is set to without the -n, but with it the check_nrpe fails with "unable to read output" and "Could not read request from client, bailing out..." in /var/log/messages

anyone have any ideas?

Re: nrpe errors (maybe ssl related)

Posted: Wed Dec 14, 2016 12:10 pm
by mcapra
Hikerguy86 wrote: I am installing the packages from the EPEL repos (4.x, 5.x, 6.x, 7.x)
Unfortunately, we do not maintain/build the packages provided in the EPEL repositories which makes providing support a bit tricky. Here's our official documentation for setting up NRPE (though the documentation says Nagios XI, this applies to Core as well):
https://assets.nagios.com/downloads/nag ... _Agent.pdf

Do you know if this NRPE is running as a stand-alone daemon, or is it running under xinetd?

Re: nrpe errors (maybe ssl related)

Posted: Wed Dec 14, 2016 5:52 pm
by Hikerguy86
Hi,

I am familiar with the guide, unfortunately I am not able to build the agent from source, my company has a policy that no build tools can be installed on qa, uat, prod, dr, etc so I have to use the packages in the repo.

The agent is running as a stand alone daemon.

the oddity is that only some of the machines have this issue, others install from the repo and come up just fine and report 100% ok to nagios, there is no difference in the configurations, init files, or /etc/sysconfig/nrpe files

Re: nrpe errors (maybe ssl related)

Posted: Thu Dec 15, 2016 6:42 am
by ruffsense
maybe you need to use a shebang.

try to run your script after you did this.

sudo sudo -s -u nagios

Re: nrpe errors (maybe ssl related)

Posted: Thu Dec 15, 2016 1:34 pm
by mcapra
Did you also install the nagios-plugins package along with NRPE?

Can you share the contents of your NRPE configuration file? It's usually located in /usr/local/nagios/etc/nrpe.cfg, but the package may have placed it elsewhere.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited