Thank you for the information. Made a couple config changes to run via nrpe
and results below. Although still unclear based on the documentation where
the variables needed to invoke nrpe command to run on remote server.
[image: Inline image 1]
*baschisp02.conf*
object Service "Check_PS" {
host_name = "baschisp02"
check_command = "nrpe"
vars.nrpe_command = "check_hp_ps"
vars.nrpe_port = "5666"
*/etc/sudoers*
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
icinga ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING,
PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%icinga ALL=(ALL) NOPASSWD:ALL
#
# Disable "ssh hostname sudo <cmd>", because it will show the password in
clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
Defaults !requiretty
On Thu, Jul 20, 2017 at 10:51 PM, Gerald Vogt <v...@spamcop.net> wrote:
>
>
> On 20.07.17 20:50, Garrett Pye wrote:
>
>> Existing Linux server environment already has custom PERL plugins
>> established reporting to Nagios via NRPE. In setting up Icinga environment
>> to invoke the same utilities do these have to migrate to the
>> /usr/lib64/nagios/plugins directory or can they be run on the server
>> itself? (I assume that would be satellite configuration).
>>
>
> These are two completely different things:
>
> Checks running on the icinga server itself can be anywhere. Following the
> general directory layout, however, is as always recommended.
>
> You should never install anything into the distribution /usr directories.
> I would always keep all those directories for installation from packages
> only. Mixing in your own local installations there makes it hard to find
> them and at worst may be overwritten at any time by a package which happens
> to use the same file name.
>
> Install your own scripts into /usr/local (or /opt), i.e.
> /usr/local/lib64/nagios/plugins. If you use RHEL7/CentOS7 with SeLinux I
> highly recommend /usr/local as it automatically applies the same security
> contexts to /usr/local.
>
> If you need to run checks on a remote server you can either install icinga
> on the remote server and use a satellite there or you can run checks
> through a ssh connection or nrpe. As you seem to have nrpe already running
> on the remote end you can use that, i.e. icinga connects through nrpe to
> the remote server and executes the checks there.
>
> I did move one plugin to the directory to test it but received output as
>> displayed and not all the information this plug in displays.
>>
>> Inline image 2
>>
>
> The script you call needs root privileges and does sudo to get those. If
> you need this then you should allow this in sudoers with NOPASSWD and
> !requiretty. Of course, be extremely careful that you only allow the
> command required and that the command called cannot be easily exploited for
> other purposes as it's running as root.
>
> The other question looking through the documentation is a number of the
>> plugins require to run with root privileges.
>>
>> *COMMANDS.CONF*
>> object CheckCommand "check_hp_ps" {
>> command = [ PluginDir + "/check_hp_ps" ]
>>
>> }
>>
>
> That depends on the check script. Some checks from nagios-plugins use
> setuid root programs. Otherwise you may need a wrapper script which uses
> sudo. But that really depends on the script and what you need.
>
> -Gerald
>
>
>> *SERVICES.CONF*
>> apply Service "Check_PS" {
>> check_command = "check_hp_ps"
>>
>> assign where host.name <http://host.name> == NodeName
>> }
>>
>>
>> //Garrett
>>
>>
>> _______________________________________________
>> icinga-users mailing list
>> icinga-users@lists.icinga.org
>> https://lists.icinga.org/mailman/listinfo/icinga-users
>>
>> _______________________________________________
> icinga-users mailing list
> icinga-users@lists.icinga.org
> https://lists.icinga.org/mailman/listinfo/icinga-users
>
_______________________________________________
icinga-users mailing list
icinga-users@lists.icinga.org
https://lists.icinga.org/mailman/listinfo/icinga-users
