Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Issue with capacity management graphs

https://support.nagios.com/forum/viewtopic.php?t=41886

Page 1 of 2

Issue with capacity management graphs

Posted: Mon Jan 09, 2017 4:31 pm
by perric
Hi all,

I'm having an issue with the capacity management graphs failing to generate on my development and production Nagios servers.

Development is running the XI VM image version 5.4.0, and prod is running a manual install of XI version 5.3.3 atop OEL.

The dev system is an import of a prior development system that used to be running a manual install.

I get a broken image and this in the /var/log/httpd/error_log:

Code: Select all

[Mon Jan 09 16:25:17 2017] [error] [client 10.100.168.137] (13)Permission denied: access to /nagiosxi//includes/components/capacityplanning/images/cog.png denied, referer: http://nagios-dev.pr-americas.pernod-ricard.group/nagiosxi/includes/components/xicore/status.php?show=servicedetail&host=caamewlkwso2&service=Drive+C%3A+Disk+Usage&dest=auto
[Mon Jan 09 16:25:17 2017] [error] [client 10.100.168.137] (13)Permission denied: access to /nagiosxi//includes/components/capacityplanning/images/cog.png denied, referer: http://nagios-dev.pr-americas.pernod-ricard.group/nagiosxi/includes/components/xicore/status.php?show=servicedetail&host=caamewlkwso2&service=Drive+C%3A+Disk+Usage&dest=auto
[Mon Jan 09 16:25:20 2017] [error] [client 10.100.168.137] PHP Warning:  require(/usr/local/nagiosxi/html/includes/components/capacityplanning/templates/capacityreport.inc.php): failed to open stream: Permission denied in /usr/local/nagiosxi/html/includes/components/capacityplanning/capacityplanning.inc.php on line 121, referer: http://nagios-dev.pr-americas.pernod-ricard.group/nagiosxi/includes/components/xicore/status.php?show=servicedetail&host=caamewlkwso2&service=Drive+C%3A+Disk+Usage&dest=auto
What's strange is I have another small XI instance, running the VM image version 5.4.0 that was installed from scratch and did not have any data imported, and in it capacity management works exactly as expected.

I have tried the check permissions option under admin and it reports no errors. I also reviewed permissions of the directory the error is complaining about and compared between the working and non working systems but can't seem to see anything obvious that is different.

Thanks

Re: Issue with capacity management graphs

Posted: Mon Jan 09, 2017 4:36 pm
by rkennedy
What are teh full permissions on the file?

Code: Select all

ls -la /usr/local/nagiosxi/html/includes/components/capacityplanning/capacityplanning.inc.php
Here's what I'm seeing on a test system here -

Code: Select all

[root@localhost archives]# ls -la /usr/local/nagiosxi/html/includes/components/capacityplanning/capacityplanning.inc.php
-rw-r----- 1 nagios nagios 132660 Oct 25 14:15 /usr/local/nagiosxi/html/includes/components/capacityplanning/capacityplanning.inc.php
Also, what is the output of getenforce?

Re: Issue with capacity management graphs

Posted: Mon Jan 09, 2017 4:38 pm
by perric

Code: Select all

[coadminsj@cawlkld34 ~]$ sudo ls -la /usr/local/nagiosxi/html/includes/components/capacityplanning/capacityplanning.inc.php
-rwxr-x--- 1 nagios nagios 132593 Jan  6 09:51 /usr/local/nagiosxi/html/includes/components/capacityplanning/capacityplanning.inc.php
I removed execute from the file but it did not make any difference to the output

[coadminsj@cawlkld34 ~]$ getenforce
Disabled

System profiles for all 3 systems included

Thanks

Re: Issue with capacity management graphs

Posted: Mon Jan 09, 2017 4:58 pm
by scottwilkerson
is apache a member of the nagios group?

Code: Select all

cat /etc/group|grep nagios
And for clarity, what is OEL?

Re: Issue with capacity management graphs

Posted: Mon Jan 09, 2017 5:01 pm
by avandemore
What is the output of:

Code: Select all

ls -la /usr/local/nagiosxi/html/includes/components/capacityplanning/images/

Re: Issue with capacity management graphs

Posted: Mon Jan 09, 2017 5:01 pm
by perric
Yes it is

Code: Select all

[coadminsj@cawlkld34 ~]$ cat /etc/group | grep nagios
nagios:x:500:nagios,apache
nagcmd:x:501:nagios,apache
OEL is Oracle Enterprise Linux, a redhat variant. However, I can also reproduce this issue on my dev system which was installed as an XI virtual image (however, I did import data from the old dev system which was also an OEL manual install)

edit to add:

Code: Select all

[coadminsj@cawlkld34 ~]$ sudo ls -la /usr/local/nagiosxi/html/includes/components/capacityplanning/images/
total 24
drwxr----- 2 nagios nagios 4096 Mar  9  2015 .
drwxr-x--- 6 nagios nagios 4096 Jan  6 15:45 ..
-rw-r----- 1 nagios nagios  473 Jan  6 09:51 application_view_list.png
-rw-r----- 1 nagios nagios  823 Jan  6 09:51 chart_curve_go.png
-rw-r----- 1 nagios nagios  512 Jan  6 09:51 cog.png
-rw-r----- 1 nagios nagios  655 Jan  6 09:51 cross.png

Re: Issue with capacity management graphs

Posted: Tue Jan 10, 2017 9:22 am
by rkennedy
What is the output of cat /etc/*release* and getenforce?

The permissions look to be the same on my end -

Code: Select all

[root@localhost archives]# ls -la /usr/local/nagiosxi/html/includes/components/capacityplanning/images/
total 24
drwxr-x--- 2 nagios nagios 4096 Oct  4 18:32 .
drwxr-x--- 6 nagios nagios 4096 Oct  4 18:32 ..
-rw-r----- 1 nagios nagios  473 Oct 25 14:15 application_view_list.png
-rw-r----- 1 nagios nagios  823 Oct 25 14:15 chart_curve_go.png
-rw-r----- 1 nagios nagios  512 Oct 25 14:15 cog.png
-rw-r----- 1 nagios nagios  655 Oct 25 14:15 cross.png
Can you also post a copy of your /etc/sudoers for us to review?

Re: Issue with capacity management graphs

Posted: Tue Jan 10, 2017 10:16 am
by perric

Code: Select all

[coadminsj@cawlkld34 ~]$ cat /etc/*release*
CentOS release 6.7 (Final)
CentOS release 6.7 (Final)
CentOS release 6.7 (Final)
cpe:/o:centos:linux:6:GA
[coadminsj@cawlkld34 ~]$

Code: Select all

[coadminsj@cawlkld34 ~]$ getenforce
Disabled

Code: Select all

[coadminsj@cawlkld34 ~]$ sudo cat /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#         You have to run "ssh -t hostname sudo <cmd>".
#
#Defaults    requiretty

#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults   !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults    always_set_home

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##      user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now
%core\ systems\ domain\ admins ALL=ALL

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d




User_Alias      NAGIOSXI=nagios
User_Alias              NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/backup_xi.sh *
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *

Re: Issue with capacity management graphs

Posted: Tue Jan 10, 2017 3:31 pm
by lmiltchev
Let's look at the permissions of all files/directories under "/nagiosxi/html/includes/components/capacityplanning" - run the following commands, and show the output:

Code: Select all

ls -lad /usr/local/nagiosxi/html/includes/components/capacityplanning
ls -laR /usr/local/nagiosxi/html/includes/components/capacityplanning

Re: Issue with capacity management graphs

Posted: Tue Jan 10, 2017 3:53 pm
by perric

Code: Select all

[coadminsj@cawlkld34 ~]$ sudo ls -lad /usr/local/nagiosxi/html/includes/components/capacityplanning
drwxr-x--- 6 nagios nagios 4096 Jan  6 15:45 /usr/local/nagiosxi/html/includes/components/capacityplanning
[coadminsj@cawlkld34 ~]$ sudo ls -laR /usr/local/nagiosxi/html/includes/components/capacityplanning
/usr/local/nagiosxi/html/includes/components/capacityplanning:
total 496
drwxr-x---  6 nagios nagios   4096 Jan  6 15:45 .
drwxr-x--- 64 nagios nagios   4096 Oct 20 17:11 ..
drwxr-----  2 nagios nagios   4096 Mar  9  2015 backend
-rw-r-----  1 nagios nagios 132593 Jan  6 09:51 capacityplanning.inc.php
-rwxr-x---  1 nagios nagios 219129 Jan  6 09:51 capacityplanning.php
-rwxr-x---  1 nagios nagios   9419 May  6  2014 capacityPlanning.py
-rw-r-----  1 nagios nagios   1368 Jan  6 09:51 CHANGES.txt
-rw-r-----  1 nagios nagios   6403 Jan  6 09:51 cp-common.inc.php
-rw-r-----  1 nagios nagios    774 Jan  6 09:51 cp-extrap.php
-rw-r-----  1 nagios nagios   2879 Jan  6 09:51 cp-reference.php
-rw-r-----  1 nagios nagios   5677 Jan  6 09:51 dashlet.inc.php
-rwxr-x---  1 nagios nagios   6641 May  6  2014 Forecast.py
drwxr-----  2 nagios nagios   4096 Mar  9  2015 images
drwxr-x---  2 nagios nagios   4096 Oct 20 17:11 includes
-rw-r-----  1 nagios nagios    939 Jan  6 09:51 make-dashlet.php
-rwxr-x---  1 nagios nagios   6647 May  6  2014 RRDDatastore.py
-rw-r-----  1 nagios nagios   1166 Jan  6 09:51 sanity.sh
drwxr-----  2 nagios nagios   4096 Mar  9  2015 templates
-rwxr-x---  1 nagios nagios   1548 May  6  2014 timeframe.py
-rwxr-x---  1 nagios nagios  49576 May  6  2014 timepicker.js
-rwxr-x---  1 nagios nagios   3845 May  6  2014 XMLrep.py

/usr/local/nagiosxi/html/includes/components/capacityplanning/backend:
total 48
drwxr----- 2 nagios nagios  4096 Mar  9  2015 .
drwxr-x--- 6 nagios nagios  4096 Jan  6 15:45 ..
-rwxr----- 1 nagios nagios 11494 Jan  6 09:51 capacityplanning.py
-rwxr----- 1 nagios nagios  7370 Jan  6 09:51 forecast.py
-rwxr----- 1 nagios nagios  9378 Jan  6 09:51 rrddatastore.py
-rwxr----- 1 nagios nagios  3307 Jan  6 09:51 timeframe.py
-rwxr----- 1 nagios nagios  3823 Jan  6 09:51 XMLrep.py

/usr/local/nagiosxi/html/includes/components/capacityplanning/images:
total 24
drwxr----- 2 nagios nagios 4096 Mar  9  2015 .
drwxr-x--- 6 nagios nagios 4096 Jan  6 15:45 ..
-rw-r----- 1 nagios nagios  473 Jan  6 09:51 application_view_list.png
-rw-r----- 1 nagios nagios  823 Jan  6 09:51 chart_curve_go.png
-rw-r----- 1 nagios nagios  512 Jan  6 09:51 cog.png
-rw-r----- 1 nagios nagios  655 Jan  6 09:51 cross.png

/usr/local/nagiosxi/html/includes/components/capacityplanning/includes:
total 108
drwxr-x--- 2 nagios nagios  4096 Oct 20 17:11 .
drwxr-x--- 6 nagios nagios  4096 Jan  6 15:45 ..
-rw-r----- 1 nagios nagios  3981 Jan  6 09:51 capacityplanning.css
-rw-r----- 1 nagios nagios     0 Jan  6 09:51 capacityplanning.js
-rw-r----- 1 nagios nagios  9751 Mar  9  2015 capacityreport.js
-rw-r----- 1 nagios nagios 20442 Jan  6 09:51 capacityreport.js.php
-rwxr-x--- 1 nagios nagios 64337 Jan  6 09:51 timepicker.js

/usr/local/nagiosxi/html/includes/components/capacityplanning/templates:
total 20
drwxr----- 2 nagios nagios 4096 Mar  9  2015 .
drwxr-x--- 6 nagios nagios 4096 Jan  6 15:45 ..
-rw-r----- 1 nagios nagios  992 Jan  6 09:51 capacityreport.inc.php
-rw-r----- 1 nagios nagios 5050 Jan  6 09:51 capacityreporttemplate.inc.php
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited