Comments (9)
Hi tezarin,
Your remote host will not receive requests from 172.17.0.27. It is behind
NAT for the outside world. Use the Docker host IP.
Thanks & Regards,
Rohit Gupta
http://www.rohit.io
(Sent from my phone)
On 08-Oct-2015 1:37 am, "tezarin" [email protected] wrote:
Hi all,
I have Shinken inside docker container running on a host. Then I have
remote hosts where I have NRPE installed. They are not on the same machine.
Docker IP address is 172.17.0.27 and then I installed the following
packages on the remote host:
apt-get install openssl nagios-nrpe-server nagios-plugins
nagios-plugins-basic nagios-plugins-standard
But when I run the check_nrpe command from inside the Shinken docker
container, I get the SSL handshake error:
root@containerID:/usr/lib/nagios/plugins# ./check_nrpe -H 10.154.20.52
CHECK_NRPE: Error - Could not complete SSL handshake.
I changed the following on my remote host in the allowed_hosts:
allowed_hosts=127.0.0.1,172.17.0.27
sudo echo 'dont_blame_nrpe=1' >> /etc/nagios/nrpe_local.cfg
Then rebooted the service: sudo service nagios-nrpe-server restart
Can someone please let me know what I did wrong?
Thanks
from docker_shinken.
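Added example, not part of the thread or the docker_shinken project: a small Python check of the point in the reply above, that the remote NRPE daemon compares `allowed_hosts` against the post-NAT source address, not the container's 172.17.0.27. The Docker host IP `192.0.2.10`, the function names, and the use of Docker's default bridge range `172.17.0.0/16` are assumptions made for illustration.

```python
import ipaddress

# Constructed nrpe.cfg fragment using the allowed_hosts value from the thread.
SAMPLE_CFG = """\
# nrpe.cfg on the remote host (constructed sample)
allowed_hosts=127.0.0.1,172.17.0.27
"""

def parse_allowed_hosts(cfg_text):
    """Return the entries of the active allowed_hosts line.

    Assumption: if the directive appears more than once, the last one is used.
    """
    entries = []
    for line in cfg_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue  # skip comments such as '#nrpe_user=nagios' and blank lines
        key, value = line.split("=", 1)
        if key.strip() == "allowed_hosts":
            entries = [e.strip() for e in value.split(",") if e.strip()]
    return entries

def source_seen_by_remote(container_ip, docker_host_ip, bridge="172.17.0.0/16"):
    """Address the remote daemon sees: bridge traffic leaves via NAT as the host IP."""
    if ipaddress.ip_address(container_ip) in ipaddress.ip_network(bridge):
        return docker_host_ip
    return container_ip  # assumption: no NAT outside the bridge network

def is_allowed(source_ip, entries):
    """True if source_ip matches an IP or CIDR entry; hostnames are skipped (offline)."""
    src = ipaddress.ip_address(source_ip)
    for entry in entries:
        try:
            if src in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname entry would need DNS resolution
    return False

def diagnose(cfg_text, container_ip, docker_host_ip):
    """Report which source address is checked and whether allowed_hosts admits it."""
    seen = source_seen_by_remote(container_ip, docker_host_ip)
    return {"seen_source": seen, "allowed": is_allowed(seen, parse_allowed_hosts(cfg_text))}

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder Docker host IP (documentation range).
    print(diagnose(SAMPLE_CFG, "172.17.0.27", "192.0.2.10"))
    print(diagnose("allowed_hosts=127.0.0.1,192.0.2.10", "172.17.0.27", "192.0.2.10"))
```

Listing the single Docker host address keeps `allowed_hosts` as narrow as it was before the change.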
Hi,
Thanks for your reply. I did what you said but still getting the same error. Did I have to install anything on the Shinken docker container? This is how I try to test the check_nrpe plugin from inside Shinken:
- cd /usr/lib/nagios/plugin
- ./check_nrpe -H ipoftheremotehost
And I get this error: CHECK_NRPE: Error - Could not complete SSL handshake.
I even ran this on the host where Shinken container is running on: iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 5666 -j ACCEPT
Thanks much
from docker_shinken.
I assume you did restart nagios-nrpe-server after modifying the configuration.
Please find a diagram explaining the architecture in the attachment.
Thanks & Regards,
Rohit Gupta
http://www.rohit.io
(Sent from my phone)
On 08-Oct-2015 9:22 pm, "tezarin" [email protected] wrote:
Hi,
Thanks for your reply. I did what you said but still getting the same
error. Did I have to install anything on the Shinken docker container? This
is how I try to test the check_nrpe plugin from inside Shinken:
- cd /usr/lib/nagios/plugin
- ./check_nrpe -H ipoftheremotehost
I even ran this on the host where Shinken container is running on:
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 5666 -j ACCEPT
Thanks much
from docker_shinken.
Thanks. Yes, I restarted it.
Couple of things I changed:
On the remote host, I commented out the nagios user and added a line for shinken user. Same for the group
#nrpe_user=nagios
nrpe_user=shinken
#nrpe_group=nagios
nrpe_group=shinken
Now, when I run check_nrpe inside the container, I get a connection refused error:
./check_nrpe -H localhost
connect to address ::1 port 5666: Connection refused
Then running nmap on the localhost outside the container returns that nmap is not even listed
And when I run nmap servername from the remote host, I see that port 5666 is being filtered:
5666/tcp filtered nrpe
On the server host where Shinken container is running, I don't see a firewall running:
sudo ufw status
Status: inactive
But I ran this anyway: iptables -A INPUT -p tcp --dport 5666 -j ACCEPT
Followed by sudo ufw reload
Which returns: Firewall not enabled (skipping reload)
Can you please help me figure it out?
Thanks
from docker_shinken.
A connection refused error is more of an unable-to-connect problem. It usually
happens when NRPE is down.
Thanks & Regards,
Rohit Gupta
http://www.rohit.io
On Fri, Oct 9, 2015 at 2:15 AM, tezarin [email protected] wrote:
Thanks. Yes, I restarted it.
Couple of things I changed:
On the remote host, I commented out the nagios user and added a line for
shinken user. Same for the group
#nrpe_user=nagios
nrpe_user=shinken
#nrpe_group=nagios
nrpe_group=shinken
Now, when I run check_nrpe inside the container, I get a connection
refused error:
./check_nrpe -H localhost
connect to address ::1 port 5666: Connection refused
Then running nmap on the localhost outside the container returns that nmap
is not even listed
And when I run nmap servername from the remote host, I see that port 5666
is being filtered:
5666/tcp filtered nrpe
On the server host where Shinken container is running, I don't see a
firewall running:
sudo ufw status
Status: inactive
But I ran this anyway: iptables -A INPUT -p tcp --dport 5666 -j ACCEPT
Followed by sudo ufw reload
Which returns: Firewall not enabled (skipping reload)
Can you please help me figure it out?
Thanks
from docker_shinken.
Thanks much, especially for the great diagram.
I checked from inside the container and looks like I'm not exposing the port 5666:
/usr/lib/nagios/plugins/check_nrpe -H localhost
connect to address ::1 port 5666: Connection refused
connect to address 127.0.0.1 port 5666: Connection refused
I ran this container the exact way your instruction says to run it meaning I did not expose port 5666 anywhere. But since it wasn't exposing the 5666 port, I tried running it like this:
docker run -d -v "$(pwd)/custom_configs:/etc/shinken/custom_configs" -p 5666:5666 -p 80:80 mynewimage:shinken
Now when I run netstat -ant on the host machine where docker container is running on, I see that the port 5666 is being listened to. But I still get the same error when I run the following command from inside the container:
./check_nrpe -H localhost
connect to address ::1 port 5666: Connection refused
connect to address 127.0.0.1 port 5666: Connection refused
And
./check_tcp -H localhost -p 5666
Connection refused
And when I run "nmap serverIPaddress" from the remote host, I see that port 5666 is being filtered.
And this is the nrpe user and group for that remote host:
egrep "nrpe_user|nrpe_group" /etc/nagios/nrpe.cfg
#nrpe_user=nagios
nrpe_user=nagios
#nrpe_group=nagios
nrpe_group=nagios
These are the packages I installed on the remote host:
apt-get install openssl nagios-nrpe-server nagios-plugins nagios-plugins-basic nagios-plugins-standard nagios-nrpe-plugin
Edit - I just installed: apt-get install nagios-nrpe-plugin
Ran: service nagios-nrpe-server restart
Now when I run ./check_nrpe -H localhost inside the container, I get the version back: NRPE v2.13
But I still can't get the check_nrpe to work on the remote host:
./check_nrpe -H [remote host IP]
CHECK_NRPE: Error - Could not complete SSL handshake.
/usr/lib/nagios/plugins# ./check_nrpe -H [remote host IP] -n
CHECK_NRPE: Error receiving data from daemon.
Not sure how to fix this, so any info will be much appreciated.
from docker_shinken.
Now on the server, I am able to run check_nrpe:
root@ContainerIP:/# /usr/lib/nagios/plugins/check_nrpe -H localhost
NRPE v2.13
But on the remote host, I get an error:
root@RemotehostIP:/# /usr/lib/nagios/plugins/check_nrpe -H 127.0.0.1
CHECK_NRPE: Error - Could not complete SSL handshake.
Did you guys have to change nrpe_user=nagios and nrpe_group=nagios to shinken user and group?
Thanks
from docker_shinken.
Did you guys have to change nrpe_user=nagios and nrpe_group=nagios to
shinken user and group?
No. This is not required. nagios user and group is fine.
Please follow this issue. Might help:
#5
Thanks & Regards,
Rohit Gupta
http://www.rohit.io
On Wed, Oct 14, 2015 at 12:24 AM, tezarin [email protected] wrote:
Now on the server, I am able to run check_nrpe:
root@ContainerIP:/# /usr/lib/nagios/plugins/check_nrpe -H localhost
NRPE v2.13
But on the remote host, I get an error:
root@RemotehostIP:/# /usr/lib/nagios/plugins/check_nrpe -H 127.0.0.1
CHECK_NRPE: Error - Could not complete SSL handshake.
Did you guys have to change nrpe_user=nagios and nrpe_group=nagios to
shinken user and group?
Thanks
from docker_shinken.