[icinga-users] icinga-nrpe

Michael Friedrich michael.friedrich at univie.ac.at
Wed Mar 7 23:57:23 CET 2012


On 07.03.2012 22:31, Thomas Pries wrote:
>
>
> I took icinga-nrpe-HEAD.tar.gz from
>
> https://git.icinga.org/?p=icinga-nrpe.git;a=tree;hb=HEAD
>
> may be, this was not a good idea, now I got
>
> icinga-nrpe-f42441262157d866cf45d20e3793f0c9e11c2bb2.tar

ok. that's current head with my 2 fixes on top. otherwise ipv6 
connections would have failed.

>
>
> from https://git.icinga.org/?p=icinga-nrpe.git;a=summary
>
> Now there is a little more output:
>
> Mar  7 21:11:20 ntp nrpe[23167]: Connection from 2001:... port 57828
> Mar  7 21:11:20 ntp nrpe[23167]: got match with 2001:...
> Mar  7 21:11:20 ntp nrpe[23167]: Host address 2001:... is in allowed_hosts
> Mar  7 21:11:20 ntp nrpe[23167]: Handling the connection...
> Mar  7 21:11:22 ntp nrpe[23167]: Error: Could not complete SSL handshake. 1
> Mar  7 21:11:22 ntp nrpe[23167]: Connection from 2001:.... closed.

how about nrpe.cfg?

mine for testing ipv6 looks like this.

log_facility=daemon
pid_file=/var/run/icinga-nrpe.pid
server_port=5666
#server_address=127.0.0.1
server_address=::1
nrpe_user=icinga
nrpe_group=icinga
allowed_hosts=::1,::2,::3,127.0.0.0/24,127.0.0.2,::4/64
#allowed_hosts=127.0.0.0/24
#allowed_hosts=127.0.0.1/24
dont_blame_nrpe=1
# command_prefix=/usr/bin/sudo
#debug=0
debug=1
command_timeout=60
connection_timeout=300
#allow_weak_random_seed=1
illegal_metachars="|`&><'\"[]{};"
#include=<somefile.cfg>
#include_dir=<somedirectory>
#include_dir=<someotherdirectory>
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 1.5,1.1,0.9 -c 
3.0,2.2,1.9
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p 
/dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 
10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 
200

command[test_longoutput]=/usr/lib/nagios/plugins/check_dummy 0 "OUPUT | 
PERFDATA \n LONGOUTPUT 
R0W/RB7cTThkx6WNdQhtVSO/HO4=|JFEOInz/+xtOsGF7lWKemVQ2RO8= ssh-dss 
AAAAB3NzaC1kc3MAAACBAOoMAbj/bzfukfFRSh+7C6AOo/fzLFl4JNefoj2fBtGJzVvzmNIwJSpBvqFerAhHBvtwR1QYtFmcpLXXuV05eNzQb8jrKntFezDZjxA0vOc6My92x4KLNYT/5hAqegwPKglIUU+eM1wRCHc6USlSi2WoVvm0qQoecfZTihl86PY7AAAAFQCcE6oocccAkCpZhfdL7l7qiUo4JQAAAIEAnYXg2OwLy4RraBt8jC6cxfoa8sKft0vM2lkKYCpg7WZZACU1PPWabsax5X6T51ClMH5GYp0GZqF8vGMvVjNcKkvD9ggpr+HXxQAxj6LeRwxqDUYdQEgFSfM3oBTSlONVc1UXbWt9uEwHJuxSrnL0oKMR02tcMO2+zndz7+/3GJ4AAACAR2xs+0f19KoxI1l2ctAT2jBOhSPVQygidX+7ozyBSSqrie2MWKUC7hTZNjVdK96l/pcZCMzZ03tFQH8uDC/qsL0Vg7jjh65aDW5pKE6Fcev1zxu4LpLHCzuszd09CMzXQPgS6/22mL0DpIMnNcJhfHdUlmmMugkQ7+HkXcKdSgw=R0W/RB7cTThkx6WNdQhtVSO/HO4=|JFEOInz/+xtOsGF7lWKemVQ2RO8= 
ssh-dss 
AAAAB3NzaC1kc3MAAACBAOoMAbj/bzfukfFRSh+7C6AOo/fzLFl4JNefoj2fBtGJzVvzmNIwJSpBvqFerAhHBvtwR1QYtFmcpLXXuV05eNzQb8jrKntFezDZjxA0vOc6My92x4KLNYT/5hAqegwPKglIUU+eM1wRCHc6USlSi2WoVvm0qQoecfZTihl86PY7AAAAFQCcE6oocccAkCpZhfdL7l7qiUo4JQAAAIEAnYXg2OwLy4RraBt8jC6cxfoa8sKft0vM2lkKYCpg7WZZACU1PPWabsax5X6T51ClMH5GYp0GZqF8vGMvVjNcKkvD9ggpr+HXxQAxj6LeRwxqDUYdQEgFSfM3oBTSlONVc1UXbWt9uEwHJuxSrnL0oKMR02tcMO2+zndz7+/3GJ4AAACAR2xs+0f19KoxI1l2ctAT2jBOhSPVQygidX+7ozyBSSqrie2MWKUC7hTZNjVdK96l/pcZCMzZ03tFQH8uDC/qsL0Vg7jjh65aDW5pKE6Fcev1zxu4LpLHCzuszd09CMzXQPgS6/22mL0DpIMnNcJhfHdUlmmMugkQ7+HkXcKdSgw=R0W/RB7cTThkx6WNdQhtVSO/HO4=|JFEOInz/+xtOsGF7lWKemVQ2RO8= 
ssh-dss 
AAAAB3NzaC1kc3MAAACBAOoMAbj/bzfukfFRSh+7C6AOo/fzLFl4JNefoj2fBtGJzVvzmNIwJSpBvqFerAhHBvtwR1QYtFmcpLXXuV05eNzQb8jrKntFezDZjxA0vOc6My92x4KLNYT/5hAqegwPKglIUU+eM1wRCHc6USlSi2WoVvm0qQoecfZTihl86PY7AAAAFQCcE6oocccAkCpZhfdL7l7qiUo4JQAAAIEAnYXg2OwLy4RraBt8jC6cxfoa8sKft0vM2lkKYCpg7WZZACU1PPWabsax5X6T51ClMH5GYp0GZqF8vGMvVjNcKkvD9ggpr+HXxQAxj6LeRwxqDUYdQEgFSfM3oBTSlONVc1UXbWt9uEwHJuxSrnL0oKMR02tcMO2+zndz7+/3GJ4AAACAR2xs+0f19KoxI1l2ctAT2jBOhSPVQygidX+7ozyBSSqrie2MWKUC7hTZNjVdK96l/pcZCMzZ03tFQH8uDC/qsL0Vg7jjh65aDW5pKE6Fcev1zxu4LpLHCzuszd09CMzXQPgS6/22mL0DpIMnNcJhfHdUlmmMugkQ7+HkXcKdSgw=R0W/RB7cTThkx6WNdQhtVSO/HO4=|JFEOInz/+xtOsGF7lWKemVQ2RO8= 
ssh-dss 
AAAAB3NzaC1kc3MAAACBAOoMAbj/bzfukfFRSh+7C6AOo/fzLFl4JNefoj2fBtGJzVvzmNIwJSpBvqFerAhHBvtwR1QYtFmcpLXXuV05eNzQb8jrKntFezDZjxA0vOc6My92x4KLNYT/5hAqegwPKglIUU+eM1wRCHc6USlSi2WoVvm0qQoecfZTihl86PY7AAAAFQCcE6oocccAkCpZhfdL7l7qiUo4JQAAAIEAnYXg2OwLy4RraBt8jC6cxfoa8sKft0vM2lkKYCpg7WZZACU1PPWabsax5X6T51ClMH5GYp0GZqF8vGMvVjNcKkvD9ggpr+HXxQAxj6LeRwxqDUYdQEgFSfM3oBTSlONVc1UXbWt9uEwHJuxSrnL0oKMR02tcMO2+zndz7+/3GJ4AAACAR2xs+0f19KoxI1l2ctAT2jBOhSPVQygidX+7ozyBSSqrie2MWKUC7hTZNjVdK96l/pcZCMzZ03tFQH8uDC/qsL0Vg7jjh65aDW5pKE6Fcev1zxu4LpLHCzuszd09CMzXQPgS6/22mL0DpIMnNcJhfHdUlmmMugkQ7+HkXcKdSgw=R0W/RB7cTThkx6WNdQhtVSO/HO4=|JFEOInz/+xtOsGF7lWKemVQ2RO8= 
ssh-dss 
AAAAB3NzaC1kc3MAAACBAOoMAbj/bzfukfFRSh+7C6AOo/fzLFl4JNefoj2fBtGJzVvzmNIwJSpBvqFerAhHBvtwR1QYtFmcpLXXuV05eNzQb8jrKntFezDZjxA0vOc6My92x4KLNYT/5hAqegwPKglIUU+eM1wRCHc6USlSi2WoVvm0qQoecfZTihl86PY7AAAAFQCcE6oocccAkCpZhfdL7l7qiUo4JQAAAIEAnYXg2OwLy4RraBt8jC6cxfoa8sKft0vM2lkKYCpg7WZZACU1PPWabsax5X6T51ClMH5GYp0GZqF8vGMvVjNcKkvD9ggpr+HXxQAxj6LeRwxqDUYdQEgFSfM3oBTSlONVc1UXbWt9uEwHJuxSrnL0oKMR02tcMO2+zndz7+/3GJ4AAACAR2xs+0f19KoxI1l2ctAT2jBOhSPVQygidX+7ozyBSSqrie2MWKUC7hTZNjVdK96l/pcZCMzZ03tFQH8uDC/qsL0Vg7jjh65aDW5pKE6Fcev1zxu4LpLHCzuszd09CMzXQPgS6/22mL0DpIMnNcJhfHdUlmmMugkQ7+HkXcKdSgw="

cert_file=/etc/icinga-nrpe/server.crt
cacert_file=/etc/icinga-nrpe/server.crt
privatekey_file=/etc/icinga-nrpe/server.key

include_dir=/etc/icinga-nrpe/conf.d



>
>
> And the client says:
>
> ./check_nrpe -H ntp....  -C /usr/local/icinga/etc/client_icinga-nrpe.crt
> -k /usr/local/icinga/etc/client_icinga-nrpe_sin.key -r
> /usr/local/icinga/etc/client_icinga-nrpe.crt -t 20 -c check_part_root
>
> CHECK_NRPE: Error - Could not complete SSL handshake.
> CHECK_NRPE: Error - Failed to verify server certificate.

is the icinga user allowed to read the key/crt file?

i'll look into the code to make it more verbose...

>
>
> ------------------------------------------------------------------------------
> Virtualization&  Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> icinga-users mailing list
> icinga-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/icinga-users


-- 
DI (FH) Michael Friedrich

Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria

email:     michael.friedrich at univie.ac.at
phone:     +43 1 4277 14359
mobile:    +43 664 60277 14359
fax:	   +43 1 4277 14338
web:       http://www.univie.ac.at/zid
            http://www.aco.net

Lead Icinga Core Developer
http://www.icinga.org





More information about the icinga-users mailing list