Enable check_nrpe command arguments

To enable command arguments in NRPE, you should do the following two things.

1. Configure NRPE with --enable-command-args
Typically when you install NRPE on the remote host, you run ./configure without any arguments. To enable support for command arguments in the NRPE daemon, build it with --enable-command-args as shown below.

# tar xvfz nrpe-2.12.tar.gz
# cd nrpe-2.12
# ./configure --enable-command-args
# make all
# make install-plugin
# make install-daemon
# make install-daemon-config
# make install-xinetd

2. Modify nrpe.cfg and set dont_blame_nrpe
Modify the /usr/local/nagios/etc/nrpe.cfg on the remote server and set the dont_blame_nrpe directive to 1 as shown below.

# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=1

Nagios: monitoring a remote server's HDD temperature with smartmon

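I previously had a server whose drive-enclosure fan failed, which made the server's hard disks overheat and crashed the machine. I did not want history to repeat itself, so I used the smartmon toolset to write a Nagios check script for monitoring hard disks. The script is simple: it uses the smartctl command to get the SMART information of the specified disk, then uses grep and awk to extract the disk temperature in Celsius. It decides which status level the temperature belongs to, prints the corresponding status message and returns the status code.

On the NRPE client host:
Write a script that checks the disk temperature. Below is the content of check_temperature.sh: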

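#!/bin/bash
# create date :20120815
# create by jerry yang

# Description: use smartctl and grep to get the raw temperature value (SMART
# attribute 194), then use this value to identify the status.

PATH=/usr/bin/:/usr/sbin/:/usr/local/bin/:/usr/local/sbin/:/bin/
disk_path=$1
# Log the received argument through syslog. This script runs as root via sudo,
# so it must not append to a predictable file name in world-writable /tmp.
logger -t check_temperature -- "path $1"
#nagios error codes
OK=0
WARNING=1
CRITICAL=2
UNKNOWN=3
WARNING_limit=40
CRITICAL_limit=50

# The argument arrives from the network through NRPE: accept only an existing
# block device, and quote it below so it cannot be split into extra options.
if ! [[ -b "$disk_path" ]]; then
    echo "State UNKNOWN ! can't find the disk device. please,check the disk is exist."
    exit $UNKNOWN
fi

temperature=$(smartctl -a -d ata "$disk_path" | grep '^194' | awk '{print $10}')
message="The disk [$1]'s temperature is $temperature C"
# smartctl returned no numeric value for attribute 194
if ! [[ $temperature =~ ^[0-9]+$ ]]; then
    echo "State UNKNOWN ! can't find the disk device. please,check the disk is exist."
    exit $UNKNOWN
fi

if [[ $temperature -lt $WARNING_limit ]]
then
    echo "State OK ! $message"
    exit $OK
elif [[ $temperature -lt $CRITICAL_limit ]]
then
    echo "State WARNING ! $message"
    exit $WARNING
elif [[ $temperature -eq $CRITICAL_limit || $temperature -gt $CRITICAL_limit ]]
then
    echo "State CRITICAL ! $message"
    exit $CRITICAL
fi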

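The script needs the disk path as an argument to return a proper value; this is also what lets NRPE pass the argument through. Another key point is that NRPE runs as the "nagios" account by default, while the smartctl command must run with root privileges to access the specified disk path.
So we edit "/etc/sudoers" so that nagios can run the script we specify as root without typing a password.

Command to edit /etc/sudoers:

visudo

Append one line to the end of /etc/sudoers so that nagios can run the script as root without a password. The rule names only this one script; because the script will run as root, its file must be writable by root only.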

nagios ALL = (root) NOPASSWD: /usr/local/nagios/libexec/check_temperature.sh

NRPE must be compiled and installed with the build option "enable-command-args", which adds the ability to receive command arguments, and "xinetd" is used to manage NRPE.

wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.13.tar.gz
tar -xzvf nrpe-2.13.tar.gz
cd nrpe-2.13
./configure --enable-command-args
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd

Edit /etc/xinetd.d/nrpe to allow the Nagios server to query the NRPE client with the check_nrpe command.

# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg -i
        log_on_failure  += USERID
        disable         = no
        only_from       = 192.168.128.116 127.0.0.1
}

only_from sets which IP addresses may access the NRPE service; my Nagios server IP is 192.168.128.116.

Start the xinetd service

/etc/init.d/xinetd start

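Edit /usr/local/nagios/etc/nrpe.cfg to turn on NRPE's ability to receive arguments and to define the check command (which uses our script to get the temperature of the specified disk).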

# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed.  This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=1
.....
....
...
command[check_temperature]=/usr/bin/sudo /usr/local/nagios/libexec/check_temperature.sh $ARG1$

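dont_blame_nrpe is set to "1" to allow commands to take arguments. The last line defines the command, which takes one argument (note: the command is prefixed with "sudo").

On the Nagios server:
First test with check_nrpe, specifying the command to query and that command's argument. The command looks roughly like this: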

./check_nrpe -H 192.168.128.231 -c check_temperature -a /dev/sda

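Before running the command, change to the directory that contains "check_nrpe".

If the test above works, this check command can be written into the configuration file of the monitored host and defined as a service check.
Below is a fragment of the configuration file "filer01.cfg" for the host: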

define service{
        use                             local-service
        host_name                       filer01
        service_description             Disk /dev/sda temperature
        check_command                   check_nrpe!check_temperature -a /dev/sda
        }
define service{
        use                             local-service
        host_name                       filer01
        service_description             Disk /dev/sdb temperature
        check_command                   check_nrpe!check_temperature -a /dev/sdb
        }
define service{
        use                             local-service
        host_name                       filer01
        service_description             Disk /dev/sdc temperature
        check_command                   check_nrpe!check_temperature -a /dev/sdc
        }
define service{
        use                             local-service
        host_name                       filer01
        service_description             Disk /dev/sdd temperature
        check_command                   check_nrpe!check_temperature -a /dev/sdd
        }
define service{
        use                             local-service
        host_name                       filer01
        service_description             Disk /dev/sde temperature
        check_command                   check_nrpe!check_temperature -a /dev/sde
        }

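The above defines five checks. They all use the same command and differ only in the command argument (the disk device path).

After finishing the configuration, remember to make Nagios reload its configuration files; only then is the setup complete!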

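How Nagios passes arguments to NRPE

The focus this time is how to make NRPE accept passed arguments.

On the remote Nagios server, I used check_nrpe with passed arguments to get the service status of the monitored host, but got the following error message: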

[root@xxx ~]# /usr/local/nagios/libexec/check_nrpe -H 2.xx.xx.xx -c check_pingtest -a " -H 1.2.3.4 -w 150,30% -c 200,50% -p 5"
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

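Checking the log on the monitored host shows the following messages, which indicate that NRPE currently cannot accept status queries that pass arguments:

/var/log/messages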
Jun 5 07:41:31 xxx nrpe[10807]: Error: Request contained command arguments!
Jun 5 07:41:31 xxx nrpe[10807]: Client request was invalid, bailing out...

So the following needs to be done on the monitored host:
1. Recompile and install nrpe with the --enable-command-args option so that the compiled nrpe can receive arguments.

./configure --enable-command-args;make all ;make install
#####allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!

2. Edit the /usr/local/nagios/etc/nrpe.cfg configuration file:

# turn on argument passing
dont_blame_nrpe=1
...........................
...
# declare the check command that takes arguments
command[check_pingtest]=/usr/local/nagios/libexec/check_ping -H $ARG1$ -w 1500,100% -c 2000,100% -p $ARG2$ -t 10

Test from the Nagios server:

[root@xxx ~]# /usr/local/nagios/libexec/check_nrpe -H 2.xx.xx.xx -c "check_pingtest" -a 1.2.3.4 10

The test is OK and returns: PING OK - Packet loss = 0%, RTA = 53.43 ms|rta=53.426998ms;1500.000000;2000.000000;0.000000 pl=0%;100;100;0
Note:ping
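
An added example, not part of the original posts: a POSIX shell/awk audit that lists every command[] definition in an nrpe.cfg that takes $ARGn$ macros, as check_temperature and check_pingtest above do, and rates each by whether dont_blame_nrpe=1 makes it reachable and whether it runs through sudo. The sample config is constructed from the command lines on this page plus an assumed fixed-argument check_users entry; the function names and severity labels are hypothetical, and the handling of dont_blame_nrpe (last assignment wins, only the value 1 enables arguments) is an assumption about NRPE's config parser.

```shell
#!/bin/sh
# Added example (not from the original posts): flag nrpe.cfg command[]
# definitions whose command line takes client-supplied $ARGn$ macros.

# Constructed sample config: the two argument-taking commands from this page
# plus one assumed fixed-argument command for contrast.
sample_cfg() {
cat <<'EOF'
# constructed sample nrpe.cfg
dont_blame_nrpe=1
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_temperature]=/usr/bin/sudo /usr/local/nagios/libexec/check_temperature.sh $ARG1$
command[check_pingtest]=/usr/local/nagios/libexec/check_ping -H $ARG1$ -w 1500,100% -c 2000,100% -p $ARG2$ -t 10
EOF
}

# audit_nrpe_cfg [FILE]   (reads standard input when FILE is omitted)
# Prints one line per command that uses $ARGn$.
# Returns 1 if at least one such command is reachable, 0 otherwise.
audit_nrpe_cfg() {
    awk '
    # Assumption: the last dont_blame_nrpe line wins and only 1 enables args.
    /^[ \t]*dont_blame_nrpe[ \t]*=/ {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); on = (v + 0 == 1)
    }
    # A command[name]=... line whose command line contains an $ARGn$ macro.
    /^[ \t]*command\[[^]]+\][ \t]*=/ && /\$ARG[0-9]+\$/ {
        name = $0; sub(/^[ \t]*command\[/, "", name); sub(/\].*/, "", name)
        cmd = $0; sub(/^[^=]*=/, "", cmd)
        n++; names[n] = name
        sudo[n] = (cmd ~ "(^|[ \t/])sudo[ \t]")   # sudo or /usr/bin/sudo
    }
    END {
        for (i = 1; i <= n; i++) {
            if (!on)          { lvl = "INFO";   msg = "uses $ARGn$ but arguments are disabled" }
            else if (sudo[i]) { lvl = "HIGH";   msg = "client argument reaches a sudo command" }
            else              { lvl = "MEDIUM"; msg = "client argument reaches the command line" }
            printf "%-6s %s: %s\n", lvl, names[i], msg
        }
        exit (on && n > 0)
    }' "${1:--}"
}

# Demo on the constructed sample.
sample_cfg | audit_nrpe_cfg || echo "review the commands listed above"
```

Run it as audit_nrpe_cfg /usr/local/nagios/etc/nrpe.cfg on the monitored host; a return status of 1 means at least one command can be reached with client-supplied arguments.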

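CHECK_NRPE: Error - Could not complete SSL handshake caused by a misconfigured nrpe.cfg

Source: CHECK_NRPE: Error - Could not complete SSL handshake caused by a misconfigured nrpe.cfg

Linux distributions generally ship with openssl and openssl-devel, and the system iptables does not block communication on port 5666. I installed nrpe following the steps provided online, ran it as a service, and then ran the check command check_nrpe -H ip, and found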

Nagios NRPE Addon Installation and Configuration (Ubuntu or Debian)

From: http://debianclusters.org/index.php/Nagios_NRPE_Addon_Installation_and_Configuration

Install NRPE and nagios-plugins

apt-get install nagios-nrpe-server

apt-get install nagios-plugins

Allow the Nagios server to run check_nrpe

vim /etc/nagios/nrpe_local.cfg

allowed_hosts=<Nagios host IP>

Configure the NRPE check commands

vim /etc/nagios/nrpe.cfg

The nrpe command format is as follows

command[<command name>]=<full path to plugin and any arguments>

Restart NRPE

/etc/init.d/nagios-nrpe-server restart

Openfiler Install NRPE

Install NAGIOS Client (NRPE) ON OPENFILER

from:https://forums.openfiler.com/viewtopic.php?pid=17843

=========================================

INSTALL Compiler Dependency
—————————
conary update gcc (a C compiler to compile NRPE)
conary update glibc:devel
conary update openssl:devel
conary update xinetd
