[icinga-users] icinga-nrpe

Thomas Pries seirp.samoht at googlemail.com
Thu Mar 8 07:28:38 CET 2012


Good Morning,

Am 08.03.2012 02:02, schrieb Michael Friedrich:
> On 07.03.2012 23:57, Michael Friedrich wrote:
>... added a new option to check_nrpe,...

Ok, with the new version daemon output is:

Mar  8 06:04:38 ntp nrpe[12938]: Using illegal meta characters 
'"|`&><'\"[]{};"'
Mar  8 06:04:38 ntp nrpe[12938]: Added 
command[check_part_root]=/usr/local/icinga/lib/check_disk -w 20% -c 10% -p /
Mar  8 06:04:38 ntp nrpe[12938]: IPv4 ACL: 127.0.0.1/32 16777343
Mar  8 06:04:38 ntp nrpe[12938]: IPv4 ACL: 192.168.3.7/32 117680320
Mar  8 06:04:38 ntp nrpe[12938]: IPv6 allowed_hosts: ::1,2001:4dd0:fb32:3::7
Mar  8 06:04:38 ntp nrpe[12938]: INFO: SSL/TLS initialized. All network 
traffic will be encrypted.
Mar  8 06:04:38 ntp nrpe[12939]: Starting up daemon
Mar  8 06:04:38 ntp nrpe[12939]: Listening for connections on port 5666
Mar  8 06:04:38 ntp icinga-nrpe[12914]: Starting Icinga NRPE ..done

Mar  8 06:06:53 ntp nrpe[13100]: Connection from 127.0.0.1 port 11732
Mar  8 06:06:53 ntp nrpe[13100]: Host address 127.0.0.1 is in allowed_hosts
Mar  8 06:06:53 ntp nrpe[13100]: Handling the connection...
Mar  8 06:06:55 ntp nrpe[13100]: Error: Could not complete SSL handshake. 1
Mar  8 06:06:55 ntp nrpe[13100]: error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Mar  8 06:06:55 ntp nrpe[13100]: no certificate returned
Mar  8 06:06:55 ntp nrpe[13100]: Connection from 127.0.0.1 closed.


and the client says:

./check_nrpe -H ntp.pries.name  -C 
/usr/local/icinga/etc/client_icinga-nrpe.crt -k 
/usr/local/icinga/etc/client_icinga-nrpe_sin.key -r 
/usr/local/icinga/etc/client_icinga-nrpe.crt -t 20 -v -c check_part_root

NRPE Plugin for Icinga
Copyright (c) 1999-2008 Ethan Galstad (nagios at nagios.org)
Copyright (c) 2010-2012 Icinga Development Team and Community 
Contributors (http://www.icinga.org)
Version: 3.0-dev
Last Modified: 03-04-2012
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: OpenSSL 0.9.6 or higher required

CHECK_NRPE: created SSL context.
CHECK_NRPE: SSL/TLS initialized. All network traffic will be encrypted.
CHECK_NRPE: Error - Could not complete SSL handshake.
CHECK_NRPE: error:00000000:lib(0):func(0):reason(0)
CHECK_NRPE: (null)
CHECK_NRPE: Error 0 - Failed to verify server x509 certificate.
CHECK_NRPE: error:00000000:lib(0):func(0):reason(0)
CHECK_NRPE: (null)
CHECK_NRPE: Common Name 'ntp.pries.name' in server certificate matches 
host name 'ntp.pries.name'.
CHECK_NRPE: Got peer certificate.
CHECK_NRPE: SSL connection structure created.
CHECK_NRPE: Result not OK, bailing out ...


My conf is:

log_facility=daemon
pid_file=/var/run/icinga-nrpe.pid
server_port=5666
cert_file=/usr/local/icinga/etc/icinga-nrpe.crt
cacert_file=/usr/local/icinga/etc/icinga-nrpe.crt
privatekey_file=/usr/local/icinga/etc/icinga-nrpe_sin.key
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=127.0.0.1,192.168.3.7,::1,2001:4dd0:fb32:3::7
dont_blame_nrpe=0
debug=1
command_timeout=60
connection_timeout=300
illegal_metachars="|`&><'\"[]{};"
command[check_part_root]=/usr/local/icinga/lib/check_disk -w 20% -c 10% -p /







More information about the icinga-users mailing list