1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

jail related nagios issues

Discussion in 'Networking' started by dvl@, Dec 5, 2009.

  1. dvl@

    dvl@ Member Developer

    Messages:
    414
    Thanks Received:
    17
    I am not really sure of why there was a problem or convinced that the solution was the correct one.

    I recently upgraded a jail server to 8.0-stable. The jail userland was also updated. The jail runs the net-mgmt/nrpe port which Nagios communicates with to determine various system status.

    The following command is run within the jail and connects to itself:

    Code:
    [root@ducky /usr/local/libexec/nagios]# ./check_nrpe2 -H 10.55.0.20 -c check_disks
    DISK OK - free space: / 54451 MB (42% inode=93%);| /=75156MB;140858;140868;0;140878
    [root@ducky /usr/local/libexec/nagios]#


    From the host system:

    Code:
    $ ./check_nrpe2 -H 10.55.0.20 -c check_disks
    CHECK_NRPE: Socket timeout after 10 seconds.


    With the following added to /var/log/messages on the jail (10.55.0.20):

    Code:
    Dec  5 23:19:22 ducky nrpe[540]: Could not read request from client, bailing out...


    Here come the clue.

    From another system, the same command fails:

    Code:
    $ ./check_nrpe2 -H 10.55.0.20 -c check_disks
    CHECK_NRPE: Error - Could not complete SSL handshake.


    Checking the logs this time:

    Code:
    Dec  5 23:25:52 ducky nrpe[8060]: Host 10.55.0.23 is not allowed to talk to us!


    Altering /usr/local/etc/nrpe.cfg to add the above host and restarting nrpe2 in the jail, we get:

    Code:
    ./check_nrpe2 -H 10.55.0.20 -c check_disks
    DISK OK - free space: / 54451 MB (42% inode=93%);| /=75156MB;140858;140868;0;140878



    So.. We can access the jail from another system, but not from the jail host system.

    solution: recompile nrpe and start it. This solution worked on two jails on two diferent jail hosts.
     
    liontaur thanks for this.