Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gentoo - openrc-init not working #165

Closed
box293 opened this issue Sep 13, 2017 · 4 comments
Closed

Gentoo - openrc-init not working #165

box293 opened this issue Sep 13, 2017 · 4 comments

Comments

@box293
Copy link
Contributor

box293 commented Sep 13, 2017

Installing NRPE 3.2.1 on Gentoo using openrc-init produces the following error in syslog:

Sep 13 09:53:33 gt01 nrpe[5320]: Starting up daemon
Sep 13 09:53:33 gt01 nrpe[5320]: Error: NRPE daemon cannot be run as user/group root!
Sep 13 09:53:40 gt01 /etc/init.d/nrpe[5344]: status: crashed

I'm not 100% sure what is going on, having a look at the /etc/init.d/nrpe script:

#!/sbin/openrc-run
#
# Copyright (c) 2017 Nagios(R) Core(TM) Development Team
#

command="/usr/local/nagios/bin/nrpe"
command_args="--config=${NRPE_CFG} ${NRPE_OPTS}"
command_args_background="--daemon"
description="Nagios Remote Plugin Executor (NRPE) daemon"
extra_started_commands="reload"
pidfile="/usr/local/nagios/var/nrpe.pid"

reload() {
    ebegin "Reloading ${SVCNAME}"
    start-stop-daemon --signal HUP --pidfile "${pidfile}"
    eend $?
}

I assume that ${NRPE_CFG} and ${NRPE_OPTS} are being passed to the script but I'm not entirely sure how.

I looked at the file in the run directory:

gt01 nrpe-nrpe-3.2.1 # cat /run/openrc/daemons/nrpe/001 
exec=/usr/local/nagios/bin/nrpe
argv_0=/usr/local/nagios/bin/nrpe
argv_1=--config=
argv_2=--daemon
pidfile=/usr/local/nagios/var/nrpe.pid

So I added the following lines to the /etc/init.d/nrpe script before the command line:

NRPE_CFG="/usr/local/nagios/etc/nrpe.cfg"
NRPE_OPTS=""

Then I typed these commands:

gt01 nrpe-nrpe-3.2.1 # rm /run/openrc/daemons/nrpe/001 
gt01 nrpe-nrpe-3.2.1 # service nrpe start
 * WARNING: nrpe has already been started
gt01 nrpe-nrpe-3.2.1 # service nrpe status
 * status: started
gt01 nrpe-nrpe-3.2.1 # cat /run/openrc/daemons/nrpe/001 
cat: /run/openrc/daemons/nrpe/001: No such file or directory
gt01 nrpe-nrpe-3.2.1 # ls -la /usr/local/nagios/var/nrpe.pid
ls: cannot access '/usr/local/nagios/var/nrpe.pid': No such file or directory
gt01 nrpe-nrpe-3.2.1 # service nrpe status
 * status: started
gt01 nrpe-nrpe-3.2.1 # service nrpe stop
 * Caching service dependencies ...                                                                            [ ok ]
 * Stopping nrpe ...                                                                                           [ ok ]
gt01 nrpe-nrpe-3.2.1 # service nrpe status
 * status: stopped
gt01 nrpe-nrpe-3.2.1 # service nrpe start
 * Starting nrpe ...                                                                                           [ ok ]
gt01 nrpe-nrpe-3.2.1 # service nrpe status
 * status: started
gt01 nrpe-nrpe-3.2.1 # cat /run/openrc/daemons/nrpe/001 
exec=/usr/local/nagios/bin/nrpe
argv_0=/usr/local/nagios/bin/nrpe
argv_1=--config=/usr/local/nagios/etc/nrpe.cfg
argv_2=--daemon
pidfile=/usr/local/nagios/var/nrpe.pid
gt01 nrpe-nrpe-3.2.1 # /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
NRPE v3.2.1

Seems to be working now.

After enabling the service to start of boot and restarting the machine it works OK:

gt01 nrpe-nrpe-3.2.1 # rc-update add nrpe default
 * service nrpe added to runlevel default
gt01 nrpe-nrpe-3.2.1 # reboot
.....
gt01 ~ # /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
NRPE v3.2.1

@orlitzky your thoughts.

Here's the full output of my build process:

gt01 tmp # cd nrpe-nrpe-3.2.1/
gt01 nrpe-nrpe-3.2.1 # ./configure --enable-command-args
checking for a BSD-compatible install... /usr/bin/install -c
checking what the operating system is ... linux
checking what the distribution type is ... gentoo
checking what init system is being used ... openrc
checking what inetd is being used ... unknown
checking for which paths to use ... default
checking for which init file to use ... openrc-init
checking for which inetd files to use ... unknown
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether make sets $(MAKE)... yes
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking whether time.h and sys/time.h may both be included... yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking dirent.h usability... yes
checking dirent.h presence... yes
checking for dirent.h... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking grp.h usability... yes
checking grp.h presence... yes
checking for grp.h... yes
checking for inttypes.h... (cached) yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking pwd.h usability... yes
checking pwd.h presence... yes
checking for pwd.h... yes
checking signal.h usability... yes
checking signal.h presence... yes
checking for signal.h... yes
checking for stdint.h... (cached) yes
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking tcpd.h usability... no
checking tcpd.h presence... no
checking for tcpd.h... no
checking for unistd.h... (cached) yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking socket.h usability... no
checking socket.h presence... no
checking for socket.h... no
checking for sys/types.h... (cached) yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking sys/resource.h usability... yes
checking sys/resource.h presence... yes
checking for sys/resource.h... yes
checking for sys/wait.h... (cached) yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking for sys/stat.h... (cached) yes
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for an ANSI C-conforming const... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for mode_t... yes
checking for pid_t... yes
checking for size_t... yes
checking return type of signal handlers... void
checking for uid_t in sys/types.h... yes
checking type of array argument to getgroups... gid_t
checking size of int... 4
checking size of short... 2
checking size of long... 4
checking for uint32_t... yes
checking for u_int32_t... yes
checking for int32_t... yes
checking for struct sockaddr_storage... yes
checking for seteuid... yes
checking for va_copy... yes
checking for vsnprintf... yes
checking for snprintf... yes
checking for asprintf... yes
checking for vasprintf... yes
checking for C99 vsnprintf... yes
checking for getopt_long... yes
checking for main in -lnsl... yes
checking for socket in -lsocket... no
checking for main in -lwrap... no
checking for strdup... yes
checking for strstr... yes
checking for strtoul... yes
checking for strtok_r... yes
checking for initgroups... yes
checking for closesocket... no
checking for sigaction... yes
checking for scandir... yes
checking for socklen_t... yes
checking for type of socket size... size_t
checking for Kerberos include files... configure: WARNING: could not find include files
checking for pkg-config... pkg-config
checking whether compiling and linking against SSL works... yes
checking for openssl... /usr/bin/openssl

*** Generating DH Parameters for SSL/TLS ***
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.....................................................+................................................................+...................................+....................................+.................................................................................................................................................+...............................................................................................+..........................................+...............................................................................+...............................................................................................................+............................................................................................................................................................................................................................................................................+...........................................................................+................+..................+.....................................................................................+.......................................................................................................................+..........................................................................................................................+.........................................................................+...............................+...................................+..........+.....................+..............+...................+.....................................................+..........................................+...........................................................................................................................+..............................................................................................+.+......+.+............................+....................................................................+......................................................................................................................................................................+.................................................................................+.....................................................................................................................................................................................................................................................+.........+...........................................................................................................................................+..................................................................................................+.............................................+........................................................................................................................................+.......................................................................................................................+..............+.................+....................................................+..................................................................................+.....................................................................+..................................................................................................................................................................................................+...................................+................................................+.................+.............................................+...........................................................................................................................................+.+..........+..........................................................................................++*++*
checking for perl... /usr/bin/perl
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating nrpe.spec
config.status: creating uninstall
config.status: creating sample-config/nrpe.cfg
config.status: creating startup/bsd-init
config.status: creating startup/debian-init
config.status: creating startup/default-init
config.status: creating startup/default-inetd
config.status: creating startup/default-service
config.status: creating startup/default-socket
config.status: creating startup/default-socket-svc
config.status: creating startup/default-xinetd
config.status: creating startup/mac-init.plist
config.status: creating startup/mac-inetd.plist
config.status: creating startup/newbsd-init
config.status: creating startup/openbsd-init
config.status: creating startup/openrc-conf
config.status: creating startup/openrc-init
config.status: creating startup/solaris-init.xml
config.status: creating startup/solaris-inetd.xml
config.status: creating startup/tmpfile.conf
config.status: creating startup/upstart-init
config.status: creating startup/rh-upstart-init
config.status: creating include/common.h
config.status: creating include/config.h


*** Configuration summary for nrpe 3.2.1 2017-09-01 ***:

 General Options:
 -------------------------
 NRPE port:    5666
 NRPE user:    nagios
 NRPE group:   nagios
 Nagios user:  nagios
 Nagios group: nagios


Review the options above for accuracy.  If they look okay,
type 'make all' to compile the NRPE daemon and client
or type 'make' to get a list of make options.

gt01 nrpe-nrpe-3.2.1 # make all
cd ./src/; make
make[1]: Entering directory '/var/tmp/nrpe-nrpe-3.2.1/src'
gcc -g -O2  -DHAVE_CONFIG_H -I ../include -I ./../include -o nrpe ./nrpe.c ./utils.c ./acl.c -lssl -lcrypto  -lnsl   
gcc -g -O2  -DHAVE_CONFIG_H -I ../include -I ./../include -o check_nrpe ./check_nrpe.c ./utils.c -lssl -lcrypto  -lnsl  
./check_nrpe.c: In function ‘read_packet’:
./check_nrpe.c:1352:13: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
      printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, sizeof(bytes_to_r
             ^
./check_nrpe.c:1424:12: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
     printf("CHECK_NRPE: Receive underflow - only %d bytes received (%ld expected).\n", rc, sizeof(buffer_size));
            ^
./check_nrpe.c:1440:13: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
      printf("CHECK_NRPE: Receive header underflow - only %d bytes received (%ld expected).\n", rc, sizeof(bytes_to_r
             ^
./check_nrpe.c:1529:13: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
      printf("CHECK_NRPE: Receive buffer size - %ld bytes received (%ld expected).\n", (long)bytes_read, sizeof(buffe
             ^
./check_nrpe.c:1531:13: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
      printf("CHECK_NRPE: Receive underflow - only %ld bytes received (%ld expected).\n", (long)bytes_read, sizeof(bu
             ^
make[1]: Leaving directory '/var/tmp/nrpe-nrpe-3.2.1/src'

*** Compile finished ***

You can now continue with the installation or upgrade process.

Read the PDF documentation (docs/NRPE.pdf) for information on the next
steps you should take to complete the installation or upgrade.

gt01 nrpe-nrpe-3.2.1 # make install-groups-users
groupadd -r nagios
useradd -r -g nagios nagios
gt01 nrpe-nrpe-3.2.1 # 
gt01 nrpe-nrpe-3.2.1 #  make install
cd ./src/; make install
make[1]: Entering directory '/var/tmp/nrpe-nrpe-3.2.1/src'
make install-plugin
make[2]: Entering directory '/var/tmp/nrpe-nrpe-3.2.1/src'
/usr/bin/install -c -m 755 -d /usr/local/nagios/bin
/usr/bin/install -c -m 755 ../uninstall /usr/local/nagios/bin/nrpe-uninstall
/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec
/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec
/usr/bin/install -c -m 775 -o nagios -g nagios check_nrpe /usr/local/nagios/libexec
make[2]: Leaving directory '/var/tmp/nrpe-nrpe-3.2.1/src'
make install-daemon
make[2]: Entering directory '/var/tmp/nrpe-nrpe-3.2.1/src'
/usr/bin/install -c -m 755 -d /usr/local/nagios/bin
/usr/bin/install -c -m 755 ../uninstall /usr/local/nagios/bin/nrpe-uninstall
/usr/bin/install -c -m 755 nrpe /usr/local/nagios/bin
/usr/bin/install -c -m 755 -o nagios -g nagios -d /usr/local/nagios/var
make[2]: Leaving directory '/var/tmp/nrpe-nrpe-3.2.1/src'
make[1]: Leaving directory '/var/tmp/nrpe-nrpe-3.2.1/src'
gt01 nrpe-nrpe-3.2.1 # 
gt01 nrpe-nrpe-3.2.1 #  make install-config
/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/etc
/usr/bin/install -c -m 644 -o nagios -g nagios sample-config/nrpe.cfg /usr/local/nagios/etc
gt01 nrpe-nrpe-3.2.1 # 
gt01 nrpe-nrpe-3.2.1 #  echo >> /etc/services
gt01 nrpe-nrpe-3.2.1 # echo '# Nagios services' >> /etc/services
gt01 nrpe-nrpe-3.2.1 # echo 'nrpe    5666/tcp' >> /etc/services
gt01 nrpe-nrpe-3.2.1 # 
gt01 nrpe-nrpe-3.2.1 #  make install-init
/usr/bin/install -c -m 755 startup/openrc-init /etc/init.d/nrpe
Make sure to enable the nrpe daemon
gt01 nrpe-nrpe-3.2.1 # 
gt01 nrpe-nrpe-3.2.1 #  sed -i '/^allowed_hosts=/s/$/,10.25.0.0\/16/' /usr/local/nagios/etc/nrpe.cfg
gt01 nrpe-nrpe-3.2.1 # sed -i 's/^dont_blame_nrpe=.*/dont_blame_nrpe=1/g' /usr/local/nagios/etc/nrpe.cfg
gt01 nrpe-nrpe-3.2.1 # service nrpe start
 * Caching service dependencies ...                                                                            [ ok ]
 * Starting nrpe ...                                                                                           [ ok ]
gt01 nrpe-nrpe-3.2.1 # 
gt01 nrpe-nrpe-3.2.1 # service nrpe status
 * status: crashed
gt01 nrpe-nrpe-3.2.1 # tail /var/log/syslog
Sep 13 09:50:52 gt01 syslogd 1.5.1: restart.
Sep 13 09:50:52 gt01 run-crons[4936]: (root) CMD (/etc/cron.weekly/syslog)
Sep 13 09:50:53 gt01 syslogd 1.5.1: restart.
Sep 13 09:53:33 gt01 nrpe[5320]: Starting up daemon
Sep 13 09:53:33 gt01 nrpe[5320]: Error: NRPE daemon cannot be run as user/group root!
Sep 13 09:53:40 gt01 /etc/init.d/nrpe[5344]: status: crashed
@orlitzky
Copy link
Contributor

You need the conf file startup/openrc-conf, which gets built from startup/openrc-conf.in. OpenRC automatically sources the script at /etc/conf.d/foo when it runs /etc/init.d/foo. The init script is expecting the NRPE_CFG and NRPE_OPTS variables to be set, (as you've seen), so we need that conf file to be installed by default, too.

This probably just needs one more line in make install-init to copy that openrc-conf file to /etc/conf.d.

@orlitzky
Copy link
Contributor

This probably just needs one more line in make install-init to copy that openrc-conf file to /etc/conf.d.

Another option would be to set a default value for NRPE_CFG right at the top of the init script.

@orlitzky orlitzky mentioned this issue Sep 28, 2017
Merged
@orlitzky
Copy link
Contributor

Try this:

#170

It should work even without the conf.d file.

@box293
Copy link
Contributor Author

box293 commented Oct 4, 2017

Tested and it fixed the issue, thanks very much @orlitzky.

I'm sure @hedenface will merge and close this issue.

@sawolf sawolf closed this as completed in e5de53e Jan 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@orlitzky @box293