jail related nagios issues

dvl@

Developer
I am not really sure of why there was a problem or convinced that the solution was the correct one.

I recently upgraded a jail server to 8.0-stable. The jail userland was also updated. The jail runs the net-mgmt/nrpe port which Nagios communicates with to determine various system status.

The following command is run within the jail and connects to itself:

Code:
[root@ducky /usr/local/libexec/nagios]# ./check_nrpe2 -H 10.55.0.20 -c check_disks
DISK OK - free space: / 54451 MB (42% inode=93%);| /=75156MB;140858;140868;0;140878
[root@ducky /usr/local/libexec/nagios]#

From the host system:

Code:
$ ./check_nrpe2 -H 10.55.0.20 -c check_disks
CHECK_NRPE: Socket timeout after 10 seconds.

With the following added to /var/log/messages on the jail (10.55.0.20):

Code:
Dec  5 23:19:22 ducky nrpe[540]: Could not read request from client, bailing out...

Here come the clue.

From another system, the same command fails:

Code:
$ ./check_nrpe2 -H 10.55.0.20 -c check_disks
CHECK_NRPE: Error - Could not complete SSL handshake.

Checking the logs this time:

Code:
Dec  5 23:25:52 ducky nrpe[8060]: Host 10.55.0.23 is not allowed to talk to us!

Altering /usr/local/etc/nrpe.cfg to add the above host and restarting nrpe2 in the jail, we get:

Code:
./check_nrpe2 -H 10.55.0.20 -c check_disks
DISK OK - free space: / 54451 MB (42% inode=93%);| /=75156MB;140858;140868;0;140878


So.. We can access the jail from another system, but not from the jail host system.

solution: recompile nrpe and start it. This solution worked on two jails on two diferent jail hosts.
 
Back
Top