You are here

check_docker not playing nice

5 posts / 0 new
Last post
j.j.d.e.lammerts
j.j.d.e.lammerts's picture
check_docker not playing nice

Hi,

We're running Opsview 4.6.3.15643 and would like to monitor some docker services.

I followed the instructions on http://docs.opsview.com/doku.php?id=opsview4.6:opspacks:templates:docker

but all checks return a cryptic error :

140467304564672:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('%NRPE_CERTIFICATES:2%','r')
140467304564672:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
140467304564672:error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib:ssl_rsa.c:648:

The only thing different in those three lines appears to be the number at the beginning of each line.

 

Any suggestions, please ?

(I'm testing this on our test environment, Iron subscription, machine UUID 7DF8C1F2-793E-11E4-AAB9-AC84A700484C)

Regards,

Hans

Duncan Ferguson
dferguson's picture
Seeing '%NRPE_CERTIFICATES:2%

Seeing '%NRPE_CERTIFICATES:2%','r' in the error suggests that NRPE is trying to read a certificate file for the authentication with the agent.  Are you using certificates in this way?

Is the above output from 'Test Servicecheck'?  Can you use 'Test Servicehceck' and remove references to NRPE_CERTIFICATES from the command?

Can you provide the output from running the command by hand?

  Duncs

j.j.d.e.lammerts
j.j.d.e.lammerts's picture
Hi,

Hi,

Thanks for answering so quickly.

The default installation obviously comes with these NRPE_CERTIFICATES things configured.

When I remove all three NRPE_CERTIFICATES variables from the test servicecheck, calling the service like this :

-H $HOSTADDRESS$ -c check_docker -a '-l CPU -C %DOCKER_CONTAINER% -c 95 -w 75 -t %DOCKER_OPTS:1% --port=%DOCKER_OPTS:2% --url_prefix=%DOCKER_OPTS:3%'

I now get different output :

$ check_nrpe -H '172.24.195.173' -c check_docker -a '-l CPU -C tokenserver_admin_1 -c 95 -w 75 -t 15 --port=4243 --url_prefix=http://127.0.0.1'
RETURN CODE: 2 (CRITICAL)
OUTPUT:
NRPE: Unable to read output

 

This must be because of the fact the servicecheck is trying to communicate over port 4243, a port we don't use.

When I look at the docker processes, I can see this (e.g :

docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7443 -container-ip 172.17.0.7 -container-port 8443
docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.7 -container-port 8080
docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7801 -container-ip 172.17.0.7 -container-port 7801
docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7800 -container-ip 172.17.0.7 -container-port 7800

Should I be using the host-port or the container-port for this check to work properly ?

Regards,

Hans

j.j.d.e.lammerts
j.j.d.e.lammerts's picture
Hi,

Hi,

Thanks for answering so quickly.

The default installation obviously comes with these NRPE_CERTIFICATES things configured.

When I remove all three NRPE_CERTIFICATES variables from the test servicecheck, calling the service like this :

-H $HOSTADDRESS$ -c check_docker -a '-l CPU -C %DOCKER_CONTAINER% -c 95 -w 75 -t %DOCKER_OPTS:1% --port=%DOCKER_OPTS:2% --url_prefix=%DOCKER_OPTS:3%'

I now get different output :

$ check_nrpe -H '172.24.195.173' -c check_docker -a '-l CPU -C tokenserver_admin_1 -c 95 -w 75 -t 15 --port=4243 --url_prefix=http://127.0.0.1' RETURN CODE: 2 (CRITICAL) OUTPUT: NRPE: Unable to read output

 

This must be because of the fact the servicecheck is trying to communicate over port 4243, a port we don't use.

When I look at the docker processes, I can see this (e.g :

docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7443 -container-ip 172.17.0.7 -container-port 8443
docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.7 -container-port 8080
docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7801 -container-ip 172.17.0.7 -container-port 7801
docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7800 -container-ip 172.17.0.7 -container-port 7800

Should I be using the host-port or the container-port for this check to work properly ?

Regards,

Hans

Duncan Ferguson
dferguson's picture
The correfct port to use is

The correfct port to use is the one specified in the Docker options.  From our docs, when using

DOCKER_OPTS="--dns 8.8.8.8 -H 127.0.0.1:4243 -H unix:///var/run/docker.sock"

for version 1.5+, this would be port 4243.  It is the port to talk to the main Docker process on the server, not to an individual container.

  Duncs