LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 01-31-2007, 02:50 PM   #1
Mangenius
Member
 
Registered: Jan 2007
Posts: 30

Rep: Reputation: 15
nrpe installation and configuration via proxy?


Sorry about the phrasing of the subject. Here's what I'd like to do:

We have a nagios server -- let's call it 1.2.3.4 -- and we want to run nrpe as a daemon on a remote system -- let's call it new_client, with an ip of 9.10.11.12. The problem is we can't see 9.10.11.12 from 1.2.3.4. But 5.6.7.8 can! So what we want to do is do a check_nrpe from 1.2.3.4 (the nagios server) to 5.6.7.8, which in turn would execute check_nrpe to 9.10.11.12. Is there are a way I can do this without installing two nagios servers?

Can I just install nagios plugins and nrpe on all three machines? do I need to make any special changes in the nrpe.cfg file if I'm running nrpe as a daemon? In other words, I don't need to specify the nagios IP and remote host IPs in the nrpe.cfg file.


Update: For now, I just want the nagios server to be able to send a request to the nrpe daemon and process the request on that remote host. the problem right now is nrpe is not starting up. I don't see it running on the remote host.

Last edited by Mangenius; 01-31-2007 at 04:28 PM.
 
Old 01-31-2007, 05:04 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742
How about some SSH tunneling? You can set up a tunnel from your Nagios host to the intermediate one and then on that allows you to connect from the Nagios host via intermediary to the target host, http://souptonuts.sourceforge.net/sshtips.htm for details.
 
Old 01-31-2007, 09:46 PM   #3
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
Haven't done it but would suggest what UnSpawn said.

As to nrpe.cfg - the only thing it needs so far as the Nagios server is concerned is an allow hosts line. This should be the IP that the Nagios server is coming in through which may appear to be different using tunneling than the real host. That line is just:
allowed_hosts=xx.xx.xx.xx

nrpe.cfg is mainly used to tell the NRPE on the host being monitored what to monitor and what port to use.
 
Old 01-31-2007, 11:39 PM   #4
Mangenius
Member
 
Registered: Jan 2007
Posts: 30

Original Poster
Rep: Reputation: 15
Interesting suggestions and advice. Thank you. I'll have to look into ssh tunneling; that's a new one to me. but I wonder if I can do something as simple as passing check_nrpe into check_nrpe, as well as the command I want to execute on the target remote host, like this:

check_nrpe!check_nrpe!check_ping

Whenever nagios sees check_nrpe, it passes along the arguments to be executed by the remote host. Myabe I'd have to create a services and host configuration files on the intermediate host or something, I dunno. I'd have to somehow tell the intermediate host to pass it to the target remote host. That ssh tunneling may be the trick to all this.

But first, I have to get it running from the server to any host. So far, the nrpe daemon is not running.
 
Old 02-01-2007, 01:39 PM   #5
Mangenius
Member
 
Registered: Jan 2007
Posts: 30

Original Poster
Rep: Reputation: 15
This is very aggrivating. I can't get nrpe to work, at all! Here's what I have:

Nagios server(let's call it 1.2.3.4):

Here, I'm just concerned about services.cfg, hosts.cfg, checkcommands.cfg and nrpe.cfg.

host nrpe_client was stored in the hosts.cfg file, and nagios recognizes it with the check-host-alive command, which is what I told to do in the hosts.cfg file. Right.

In the services.cfg file, I typed in for the command, "check_nrpe!check_ping!100.0,20%!500.0,60%" (without quotes).

In checkcommands.cfg, I have the following: command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ $ARG3$ $ARG4$
I also have the following for check_ping: command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5

In the nrpe.cfg file, server_address=1.2.3.4 and allowed_hosts=127.0.0.1, 5.6.7.8


nrpe_client (5.6.7.8):

Here, I'm just concerned about nrpe.cfg

In nrpe.cfg, server_address=1.2.3.4, and allowed_hosts=127.0.0.1, 1.2.3.4
don't_blame_me=1
command[check_ping]=/usr/local/nagios/libexec/check_ping -H $ARG1$ -w $ARG2$ -c $AGR3$ -p 5

I type in ./nrpe -c nrpe.cfg -d, pres enter, and nothing. Nagios says connection refused by host. I'm not sure what I'm doing wrong here.

Any help would be, of course, appreciated.

Last edited by Mangenius; 02-01-2007 at 01:41 PM.
 
Old 02-01-2007, 02:22 PM   #6
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
Lets define a couple of things:

Nagios Host = The host where the main Nagios setup is. This runs nagios and uses the config files hosts.cfg, services.cfg etc... but NOT nrpe.cfg. From what you wrote this should be 1.2.3.4

NRPE host = The host to be monitored by Nagios using NRPE. This would have nrpe.cfg but NOT hosts.cfg, services.cfg etc... From what you wrote this should be 5.6.7.8

From what you wrote it sounds almost as if you're configuring npre.cfg on the Nagios host rather than the NRPE host.

The settings are backwards. You should have 5.6.7.8 as server address and 1.2.3.4 as allowed hosts.

Server Address isn't even necessary - its just to bind your NRPE daemon to a specific address on the local host if you have more than one NIC and care which one it uses.

Allowed Hosts is the host (Nagios Host) that is permitted to talk to the NRPE daemon on the NRPE host.
 
Old 02-01-2007, 11:52 PM   #7
Mangenius
Member
 
Registered: Jan 2007
Posts: 30

Original Poster
Rep: Reputation: 15
Quote:
From what you wrote it sounds almost as if you're configuring npre.cfg on the Nagios host rather than the NRPE host.
Sort of. Actually, I was configuring it on both the Nagios host and the NRPE host.

This is important to understand for troubleshooting: How does the nagios host communicate with the NRPE host?

If I wanted to ping any host, it'll execute the check_ping command on the Nagios host. It knows which host to ping, because the IP of that host is defined in the services.cfg file. But what about the NRPE host? The check_nrpe command executes on the NRPE host, not the Nagios host, right? So how is the Nagios host supposed to know the NRPE host executes the command?

The way I understand it, Nagios host sees check_nrpe and sends the command to the NRPE host, not unlike sending any checkcommand to any host. The difference is the NRPE daemon catches the command, strips check_nrpe and passes on the arguments after it (i.e. check_http) Then, the NRPE host executes those arguments. I think that sounds right, but that's why I'm asking, because I can't troubleshoot anything if I don't understand how it works.

So, why is it that I read for the NRPE installation you have to install it on both the NRPE host and the Nagios host?

Thank you very much.
 
Old 02-02-2007, 08:30 AM   #8
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
You need the check_nrpe COMMAND on the Nagios host. You need the nrpe.cfg on the NRPE host.

Usage of the check_nrpe command:
Quote:
Usage: ./check_nrpe -H <host_address> [-p port] [-c command] [-to to_sec]

Options:
<host_address> = The IP address of the host running the NRPE daemon
[port] = The port on which the daemon is running - default is 5666
[command] = The name of the command that the remote daemon should run
[to_sec] = Number of seconds before connection attempt times out.
Default timeout is 10 seconds

Note:
This plugin requires that you have the NRPE daemon running on the remote host.
You must also have configured the daemon to associate a specific plugin command
with the [command] option you are specifying here. Upon receipt of the
[command] argument, the NRPE daemon will run the appropriate plugin command and
send the plugin output and return code back to *this* plugin. This allows you
to execute plugins on remote hosts and 'fake' the results to make Nagios think
the plugin is being run locally.
The config file that would be relevant on the Nagios host would be checkcommands.cfg. This is just so you can use shorthand in the services.cfg.

So in my checkcommands.cfg file I have (among other things):
Code:
# 'check_nrpe' command definition
define command{
        command_name    check_nrpe
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -to 120
        }
In services.cfg I use the above defined command as for example:
Code:
define service{
        use                             generic-service
        hostgroup_name                  11-Local-HP-Unix-Servers
        service_description             # CPU Utilization
        contact_groups                  ux-admins, noc-op
        check_command                   check_nrpe!check_cpu
        }
The above check command translates to:
/usr/local/nagios/libexec/check_nrpe -H <each host in host group 11> -c check_cpu -to 120.

The -to 120 tells it to timeout in 2 minutes.

Note in the usage it talks about specifying port which you could do but the default is 5666 and needs to be in the nrpe.cfg on the remote host.

The hosts are defined in hosts.cfg and hostgroups.cfg. You can define a service by either. Typically we put all our hosts in host groups and do the common things (cpu checks, memory checks etc...) at the host group level then do specific things (e.g. filesystem checks, web server checks) per host as they aren't the same on all hosts.
 
Old 02-02-2007, 12:45 PM   #9
Mangenius
Member
 
Registered: Jan 2007
Posts: 30

Original Poster
Rep: Reputation: 15
Thank you very much for the detailed explanation. I sincerely appreciate it. You should've wrote the faq for it lol

I followed it like you said. Now I'm getting "(Return code of 127 is out of bounds - plugin may be missing)" (without quotes), which is better than "connection refused by host". It's also listed as CRITICAL.

Here's the relevent information I have on nagios host
-----------------------------------------------------
checkcommands.cfg
-----------------
# 'check_nrpe' command definition
define command{
command_name check_nrpe
command_line check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ $ARG3$ $ARG4$
}

# 'check_ping' command definition
define command{
command_name check_ping
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
}


services.cfg
------------
check_command check_nrpe!check_ping!100.0,20%!500.0,60%



Here's the relevent information i have on NRPE host
---------------------------------------------------
nrpe.cfg
--------
allowed_hosts=127.0.0.1, (IP of nagios host)
command[check_ping]=/usr/local/nagios/libexec/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $AGR2$ -p 5


I still can't see the nrpe daemon running; so, I must've made enough changes to have nagios report this new error of 127 out of bounds. I should note that the Nagios host does have check_nrpe in its libexec for the plugins; however, the NRPE host does NOT have check_nrpe in its libexec. Could this be the problem?

Last edited by Mangenius; 02-02-2007 at 12:53 PM.
 
Old 02-02-2007, 12:56 PM   #10
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
127.0.0.1 is not the IP of any host but rather the IP of "localhost" (a/k/a loopback). It always refers to the system you are on. That is to say on your Nagios host 127.0.0.1 refers to the Nagios host but on the NRPE host 127.0.0.1 refers to the NRPE host rather than the Nagios host. On a Windoze workstation 127.0.0.1 would refer to the Windoze workstation. This is not a Nagios/NRPE thing but a basic networking concept.

Since the nrpe.cfg shows only 127.0.0.1 allowed you're basically telling the NRPE host it can only talk to itself.

Run "ifconfig" on your Nagios host. Assuming it is linux you'll see an entry for lo0 (loopback) but should also see another entry for your NIC. It is the Nagios host NIC's IP that should be in the nrpe.cfg on the NRPE host. The allow is saying "allow the specified Nagios host to talk to me (me being the NRPE host).

As noted in my prior post check_nrpe is a command and should be in libexec on the Nagios host. nrpe.cfg is a configuration file and should be on the NRPE host. So the answer to your final question is no - you have it right so far as where the command is.

Last edited by MensaWater; 02-02-2007 at 12:59 PM.
 
Old 02-02-2007, 01:21 PM   #11
Mangenius
Member
 
Registered: Jan 2007
Posts: 30

Original Poster
Rep: Reputation: 15
No, no, you misunderstood. Under allowed_hosts, I had 127.0.0.1 and the IP of the nagios host. Yea, I know that 127.0.0.1 is a loopback to the localhost; I did that intentionally, instead of writing the NRPE host IP. For some reason, the nrpe daemon is not listening on the nrpe host, which is my current reason why it's not working.

I checked using netstat and chkconfig and it's not there, but it's listed under etc/services as nagios-nrpe with port 5666. It's very perplexing.

Last edited by Mangenius; 02-02-2007 at 01:27 PM.
 
Old 02-02-2007, 01:37 PM   #12
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
/etc/services simply associates the port with the service. The main point of this is to prevent things that get random ports from taking 5666. (It doesn't actually reserve it - only prevents random assignment so that something that explicitly asks for it can still get it.) It doesn't actually RUN the daemon itself.

You have to start the command "nrpe" on the NRPE host. This is what becomes the daemon. Until you see it running and listening on port 5666 (or whatever port you assign it) then Nagios's check_nrpe won't be able to talk to it.

The start command for nrpe on my NRPE Linux host is:
/usr/local/nagios/libexec/nrpe -c /usr/local/nagios/etc/nrpe.cfg --daemon

There should be an startup script for this in your rc setup. Mine is /etc/init.d/nrpe on a RHEL AS4 system.

If "ps -ef |grep nrpe" doesn't show it running then it isn't a daemon so isn't listening.

By the way "lsof -i :5666" is a quick way to see if anything is listening on port 5666. It will show you the process and its PID as well.
 
Old 02-02-2007, 01:55 PM   #13
Mangenius
Member
 
Registered: Jan 2007
Posts: 30

Original Poster
Rep: Reputation: 15
Thank you very much for all your help. I'm still learning this world and your advice is helping me a lot. Yea, it's not listening. There might be a restriction on a firewall somewhere (I'm not that familar with the topology where I'm at). Is there a log file somewhere, where I can look up errors or activity by the system and/or the nrpe program itself? This way, maybe I can get some insight, as to why the process is not starting or bailing out.

Last edited by Mangenius; 02-02-2007 at 02:02 PM.
 
Old 02-02-2007, 02:02 PM   #14
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755Reputation: 755
The firewall should only affect what things outside the box see. If you're on the NRPE host itself you should be able to run the "ps -ef |grep nrpe" to see if it is running. If it is then run "lsof -p <pid>" on the Process ID. You should see a line like:
nrpe 3938 root 3u IPv4 221358 TCP *:nrpe (LISTEN)

This would show you the process is listening on TCP port named "nrpe" which would be defined in /etc/services. If you see something other than nrpe then it likely means the the port isn't the one you think it is OR /etc/services already had a separate definition. If you see a name it will be in /etc/services (or NIS services if you're doing NIS). If you see a number then it isn't defined in /etc/services. That isn't a major problem so long as it is running. As noted above /etc/services just associates the name with the port number and either tcp or udp.

If the above didn't help let me know - On the NRPE host what do the following show?:
ps -ef |grep nrpe
lsof -i :5666
 
Old 02-02-2007, 02:12 PM   #15
Mangenius
Member
 
Registered: Jan 2007
Posts: 30

Original Poster
Rep: Reputation: 15
Well, the way it works in our topology, some systems can't see each other; they're blocked on purpose. Now, the nagios host and this nrpe host are capable of seeing one another. the only reason I brought this up is I wonder if there's a setting in a firewall someplace that is restricting traffic in such a way that it's affecting nrpe, just on a whim.
This is what it shows for ps -ef | grep nrpe:

root 13805 5043 0 15:10 pts/0 00:00:00 grep nrpe

And lsof -i :5666 just returns back to a prompt. In other words, there's no output.

Strange, huh?

I followed one of the faqs (http://www.nagios.org/docs/ -- it's the word file for installing nagios and nrpe) and executed the below on the nrpe host:

root@whq-nagiosclient ~]# useradd nagios
root@whq-nagiosclient ~]# chown –R nagios /usr/local/nagios

I thought maybe it's a permission access problem on the NRPE host; Im trying to think of everything I know to my knowledge. should I change it to root?

Last edited by Mangenius; 02-02-2007 at 02:24 PM.
 
  


Reply

Tags
monitoring, nagios, nrpe


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
squid proxy server configuration & distribution of internet without proxy gaurav_gupta082 Linux From Scratch 2 07-31-2010 11:25 AM
Nagios - nrpe plugin configuration nitin-saxena Linux - Software 1 10-27-2006 01:50 PM
Proxy configuration tsaravan Linux - Newbie 1 08-04-2005 06:28 AM
Nagios NRPE twantrd Linux - Software 1 10-20-2004 08:24 AM
Proxy configuration milon Linux - Newbie 1 09-26-2004 09:24 AM


All times are GMT -5. The time now is 08:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration