check_nrpe -H <<Host>> always return "connection refused"

[aryak007]

I have the nagios server up and running (I have checked it thoroughly) along with the nagios client on my Host <<192.168.43.110>>. I have also tried to ping the container's locahost

And I get the same problem again

Also, the web interface of Nagios Core shows perfectly the two hosts (192.168.43.110 and localhost), but I am unable to check with the check_nrpe command.

I believe this is something specific to this container which is causing the problem. Any ideas?

[srstsavage]

Do you have allowed_hosts set in nrpe's config (try /etc/nagios/nrpe_local.cfg or /usr/local/nagios/etc/nrpe.cfg on the server you're trying to monitor (192.168.43.110)?

https://cyruslab.net/2012/10/24/adding-allowed-list-to-nrpe-cfg/

You'll need to reload the nrpe service after changes to the conf file.

[aryak007]

Yes, I have allowed_hosts set and I have restarted the nrpe service using brew after making the changes
brew restart nrpe.
Also, I must again mention that I'm able to view my hosts' details (both localhost and this host) through the Nagios core web interface. Similarly, localhost also doesn't work which seems pretty strange since all its settings came along with the container.

What might be wrong?

[srstsavage]

Can you try running the Nagios docker container with host networking? docker run ... --net host ...

[JasonRivers]

On the client running the nrpe server (192.168.43.110) could you run netstat -l -v | grep 5666

$ netstat -l -n  | grep 5666
tcp        0      0 0.0.0.0:5666            0.0.0.0:*               LISTEN     

Is the host 192.168.43.110 the system that's running the docker container? How is the nrpe daemon running? did you install from a package manager or compile from source?

Do you have a firewall configured? can you paste the output of iptables -L?

I don't expect that a check_nrpe -H localhost will work from within the container, as the nrpe daemon isn't running within the container unless you've set it to do so.

[aryak007]

Its working now. Thanks. But the postfix mail service inside the container is unable to send any emails. Please let me know if I'm missing something.

[JasonRivers]

Glad you have this running see issue #28 for the mail - I'll be looking in to this hopefully this week as part of the upgrade to some other parts (nagios plugins)

[aryak007]

Jason, I have gone through this thread. Yeah, please let me know if you can figure something out over the weekend.

…

On 20 Apr 2017 1:25 p.m., "Jason Rivers" ***@***.***> wrote: Glad you have this running see issue #28 <#28> for the mail - I'll be looking in to this hopefully this week as part of the upgrade to some other parts (nagios plugins) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#26 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFvqjBXb1l4dLzpAWB93bOUj78M3_3gPks5rxw-FgaJpZM4MUf8m> .

[aryak007]

@JasonRivers I'm reopening the issue because I'm still facing this if I run it from within the container.

Can you elaborate more on this statement of yours, "I don't expect that a check_nrpe -H localhost will work from within the container, as the nrpe daemon isn't running within the container unless you've set it to do so." ? What needs to be done?

Thanks

[JasonRivers]

NRPE is designed to execute check_ commands on a REMOTE server, as a result NRPE has 2 parts to it, the client (check_nrpe) and the server (nrpe).

nrpe (server) listens on port 5666 by default when it's run, and the client talks to this to run commands remotely.

The Docker container does not itself run the nrpe server (nagios has access to any checks directly, you don't need to run a remote execution to the local machine that is running nagios). The container only has the client check_nrpe, you would have to run nrpe on the remote system and set -H $HOSTNAME to be the host of the remote server (not localhost).

In order to run the NRPE server within the docker container (not recommended) you will need to build it with the following:

cd /tmp/nrpe
make nrpe

This will put a binary in /tmp/nrpe/src/nrpe - you will need to run this and give it a config file (see /tmp/nrpe/sample-config/nrpe.cfg) to run this - This way your "localhost" will work. However As the nagios system already has access to all the check commands on the local system this isn't needed at all, the nrpe server should be run on the remote systems that you wish to monitor.

[aryak007]

@JasonRivers Thanks Jason for the awesome explanation. I was able to make it work. Now, when I'm trying to run a check on a remote host using the NRPE plugin, I run in this error NRPE: Unable to read output .I googled it and I found that the nagios user might not have a permission to execute the script.

Another point which I must also mention is that the checks work just fine when executed on the remote Host. So the problem boils down to the fact that the user which is trying to run the check using the NRPE plugin does not have proper privileges. Any idea on how I can resolve it in context to this docker container?

P.S> - I'm trying to run something like ./check_nrpe -H 10.208.151.23 -c check_users -w 5 -c 10
Thanks

[aryak007]

Although, the version check with NRPE plugin is working fine

./check_nrpe -H 10.208.151.23 and it returns NRPE v2.15.