Hi,
Installed Nagios Core on ubuntu 12.04. the verification was well, nagios service is running fine. Remote host was AWS Amazon Linux machine, nagios plugin, nrpe installation went well.
locally check_nrpe -H localhost is good on both core and remote servers.
netstat -at | grep nrpe is good.
but, from nagios core server when i check check_nrpe -H <remote host ip> i get ssl handshake issue.
searched on google for hours, but no luck.
i feel all is well on the nagios core side. just something was wrong on the remote host side. now i would like to remove the nagios plugin, nrpe and all from the remote host and try re-installing. please suggest if anything else needs to be done other than nrpe.pdf from nagios website.
NRPE - SSL handshare (xinetd + nrpe)
Re: NRPE - SSL handshare (xinetd + nrpe)
The answers you seek will be in /var/log/messages on the remote host... it will tell you exactly why it's failing.
If I had to take a wild stab in the dark without the exact error message, I would say that NRPE on the remote host was compiled without open-ssl installed or with SSL disabled on compile.
As a work around that doesn't require reinstalling the agent, on the Nagios server try running the check with the -n switch(check_nrpe -H <host ip> -n), which will tell it to run the command with SSL disabled. This will however transmit the command in plain text which is all kinds of bad if security is a concern.
If I had to take a wild stab in the dark without the exact error message, I would say that NRPE on the remote host was compiled without open-ssl installed or with SSL disabled on compile.
As a work around that doesn't require reinstalling the agent, on the Nagios server try running the check with the -n switch(check_nrpe -H <host ip> -n), which will tell it to run the command with SSL disabled. This will however transmit the command in plain text which is all kinds of bad if security is a concern.
-
inventsekar
- Posts: 37
- Joined: Fri Jul 20, 2012 11:29 am
Re: NRPE - SSL handshare (xinetd + nrpe)
Hi,
thanks a lot for your reply...this installation gave me really a difficult time...i was trying some steps again and again and now, the output is:
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip -n
CHECK_NRPE: Error receiving data from daemon.
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip
CHECK_NRPE: Error - Could not complete SSL handshake.
root@nagios-core:~#
thanks a lot for your reply...this installation gave me really a difficult time...i was trying some steps again and again and now, the output is:
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip -n
CHECK_NRPE: Error receiving data from daemon.
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip
CHECK_NRPE: Error - Could not complete SSL handshake.
root@nagios-core:~#
Re: NRPE - SSL handshare (xinetd + nrpe)
Dear inventsekar,inventsekar wrote:Hi,
thanks a lot for your reply...this installation gave me really a difficult time...i was trying some steps again and again and now, the output is:
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip -n
CHECK_NRPE: Error receiving data from daemon.
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip
CHECK_NRPE: Error - Could not complete SSL handshake.
root@nagios-core:~#
your problem was so easy , so don't worry about it
if u installed NRPE under xinetd(as per the online documentation) so u forgot to add the ip of monitoring server in ur nrpe machine as :
Edit the /etc/xinetd.d/nrpe file and add the IP address of the monitoring server to the
only_from directive. only_from = 127.0.0.1 <nagios_ip_address>
Add the following entry for the NRPE daemon to the /etc/services file.
nrpe 5666/tcp # NRPE
service xinetd restart
Re: NRPE - SSL handshare (xinetd + nrpe)
I dare say eng_m_g is spot on here, you have two different problems using the -n flag will solve the first one and adding the IP address of your Nagios server to the allowed hosts should solve your other one