check_nrpe to run check_yum fails, but check_by_ssh succeeds - how do I get check_nrpe to succeed?

deb

We use check_yum to monitor CentOS hosts for when pkgs need to be upgraded. We have done this for many years. I've recently built new monitoring hosts running Opsview v4.4.1 on CentOS 6.5. The master and slaves generally monitor each other using nrpe - and as long as the check_ command doesn't need to run as root, everything is peachy.

Enter check_yum which doesn't want to run as the nagios user.  On the target host /etc/sudoers has the following lines added:

nagios  ALL=(ALL)   NOPASSWD: /usr/local/nagios/libexec/check_yum
nagios  ALL=(ALL)   NOPASSWD: /usr/local/nagios/libexec/check_yum --warn-on-any-update

And nrpe is running:

# ps aux|grep nrpe|grep -v grep 
nagios   19099  0.0  0.0  39240  1316 ?        Ss   16:40   0:00 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

/usr/local/nagios/etc/nrpe.cfg contains:

command[check_users]=/usr/local/nagios/libexec/check_users $ARG1$
command[check_load]=/usr/local/nagios/libexec/check_load $ARG1$
command[check_disk]=/usr/local/nagios/libexec/check_disk $ARG1$
command[check_swap]=/usr/local/nagios/libexec/check_swap $ARG1$
command[check_procs]=/usr/local/nagios/libexec/check_procs $ARG1$
command[check_memory]=/usr/local/nagios/libexec/check_memory $ARG1$
command[check_yum]=/usr/local/nagios/libexec/check_yum $ARG1$
command[check_3ware_raid_1_1]=sudo /usr/local/nagios/libexec/check_3ware_raid_1_1 $ARG1$
command[check_bind]=sudo /usr/local/nagios/libexec/check_bind $ARG1$
command[check_file_age]=/usr/local/nagios/libexec/check_file_age $ARG1$
command[check_ntp_time]=/usr/local/nagios/libexec/check_ntp_time $ARG1$

Here's what happens when I run the command from the monitoring server to the target server (denoted in the command line below as xxx.xxx.xxx.xxx) using check_by_ssh:

[nagios ~]$ /usr/local/nagios/libexec/check_by_ssh -H xxx.xxx.xxx.xxx -t180 -i /local/nagios/.ssh/IT-freebsd1 -l nagios -C '/usr/bin/sudo /usr/local/nagios/libexec/check_yum --warn-on-any-update'
YUM WARNING: 0 Security Updates Available. 4 Non-Security Updates Available

Looks good.   Now, when I run this with check_nrpe, no joy:

[nagios ~]$ /usr/local/nagios/libexec/check_nrpe -t180 -H xxx.xxx.xxx.xxx -c check_yum -a ' --warn-on-any-update'
UNKNOWN: Security plugin for yum is required. Try to 'yum install yum-security' and then re-run this plugin. Alternatively, to just alert on any update which does not require the security plugin, try --all-updates

Note that this is a bogus error wrt the "security plugin" - the plugin is installed and the command works fine, as you can see by the execution from SSH, above. 

Other nrpe commands succeed to the target host.  It's just this particular command that is failing.  It appears that /etc/sudoers isn't being honored, maybe?  Or, I think there is a misconfiguration somewhere, but I'm at a loss for what else to twiddle with, since everything seems to be properly in place and working from the shell.  I've even restarted nrpe to be sure it's read the nrpe.cfg file.  I think I'm missing something, but what?

Thoughts anyone?  Answers would be even better! 

--deb--

deb
Re: check_nrpe to run check_yum fails, but check_by_ssh ...

Found a fix to the problem... Our older installation of Opsview has v2.12 of check_nrpe. Opsview v4.4.2 installs v2.14 of the check_nrpe plugin. It appears that the older version of check_nrpe runs quite well with the stated configuration in the problem, above. The newer version needs to have sudo specified on the command line of nrpe.cfg:

  command[check_yum]=sudo /usr/local/nagios/libexec/check_yum $ARG1$

And we're all fat, dumb and happy - for now. Well, for check_yum. Now on to solve other problems...

:-)
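
Added example, not part of the original posts: a small cross-check of nrpe.cfg against the nagios sudoers rules, which flags the mismatch this thread ran into (a sudoers rule for check_yum but no sudo in its nrpe.cfg command) and the reverse case. The sample text is constructed from the lines quoted in the thread; the function names are hypothetical, and the sudoers parsing assumes one command per NOPASSWD line.

```python
import re

# Constructed sample input, built from the lines quoted in the thread.
SUDOERS = """\
nagios  ALL=(ALL)   NOPASSWD: /usr/local/nagios/libexec/check_yum
nagios  ALL=(ALL)   NOPASSWD: /usr/local/nagios/libexec/check_yum --warn-on-any-update
"""
NRPE_CFG = """\
command[check_load]=/usr/local/nagios/libexec/check_load $ARG1$
command[check_yum]=/usr/local/nagios/libexec/check_yum $ARG1$
command[check_bind]=sudo /usr/local/nagios/libexec/check_bind $ARG1$
"""

CMD_RE = re.compile(r"^command\[([^\]]+)\]\s*=\s*(.+)$")
SUDO_RE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+)$")

def sudoers_rules(text, user="nagios"):
    """Map each path granted to `user` to its allowed argument strings.
    An empty string means sudo accepts any arguments for that path."""
    rules = {}
    for line in text.splitlines():
        m = SUDO_RE.match(line.strip())
        if m and m.group(1) == user:
            path, _, args = m.group(2).strip().partition(" ")
            rules.setdefault(path, []).append(args.strip())
    return rules

def audit(nrpe_text, sudoers_text):
    """Return (command_name, finding) tuples for sudo/nrpe.cfg mismatches."""
    rules, findings = sudoers_rules(sudoers_text), []
    for line in nrpe_text.splitlines():
        m = CMD_RE.match(line.strip())
        if not m:
            continue
        name, words = m.group(1), m.group(2).split()
        uses_sudo = words[0] in ("sudo", "/usr/bin/sudo")
        path = words[1] if uses_sudo else words[0]
        takes_args = any(re.fullmatch(r"\$ARG\d+\$", w) for w in words)
        if path in rules and not uses_sudo:
            findings.append((name, "sudoers rule exists but command does not call sudo"))
        if uses_sudo and path not in rules:
            findings.append((name, "calls sudo but no sudoers rule for this path"))
        if uses_sudo and takes_args and "" in rules.get(path, []):
            findings.append((name, "$ARGn$ is passed to sudo with unrestricted arguments"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(NRPE_CFG, SUDOERS):
        print(f"{name}: {finding}")
```

Once sudo is added to the check_yum command, the third finding applies: the first sudoers line lists no arguments, so sudo accepts whatever check_nrpe -a sends. Keeping only the sudoers line with the exact argument string and hard-coding that argument in nrpe.cfg instead of $ARG1$ closes that.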