Issues with check_by_ssh

Eduardo Montes de Oca S. edrendar at gmail.com
Fri Aug 17 19:50:40 CEST 2012


Hi James,

Excuse me for answering so far!

It's correct, I'm doing these checks for a Xenserver host; In fact, these
checks are for several Citrix Xenservers (more than 30).

That you wrote in the first paragraph, already did. I created a local
Nagios user on the Xenserver host with its ssh keys and on the Nagios
server in the same way:

###############
##Nagios server##
###############
*root at nagioserver:~# cat /etc/passwd | grep -i nagios*
*nagios:x:106:116::/var/lib/nagios:/bin/bash*
*
*
*nagios at nagioserver:~/.ssh$ ls -l*
*-rw-r--r-- 1 nagios nagios  399 2012-08-14 12:37 authorized_keys*
*-rw------- 1 nagios nagios 1675 2012-08-14 11:11 id_rsa*
*-rw-r--r-- 1 nagios nagios  402 2012-08-14 11:11 id_rsa.pub*
*-rw-r--r-- 1 nagios nagios  442 2012-08-14 11:08 known_hosts*

###############
##XENSERVER##
###############
*[root at ORL-XEN-02 ~]# cat /etc/passwd | grep -i nagi*
*nagios:$1$vBr1twsi$6AL.hoMnGK8T1WgZ0.Ov2/:500:500::/home/nagios:/bin/bash*
*
*
*[nagios at ORL-XEN-02 .ssh]$ ls -l*
*-rw------- 1 nagios nagios  402 Aug 14 12:51 authorized_keys*
*-rw------- 1 nagios nagios 1671 Aug 14 12:57 id_rsa*
*-rw-r--r-- 1 nagios nagios  399 Aug 14 12:57 id_rsa.pub*
*-rw-r--r-- 1 nagios nagios  788 Aug 14 13:00 known_hosts*

Also I use the "xentop" command to get the CPU results in my script, but I
had to set the sudoers file in the Xenserver because the "xentop" command
only root is be able to execute it.

This is the script and sudoers file.

*#!/bin/bash*
*CRITICAL_CPU='95'*
*WARNING_CPU='80'*
*
*
*#Porcentage de CPU en uso*
*cpu_stat=$(sudo /usr/sbin/xentop -bi2 | grep Domain-0 | awk '{print $4}' |
tail -1 | cut -d '.' -f1)*
*#cpu_stat='80'*
*
*
*#Evaluamos estado*
*if [ $cpu_stat -ge $CRITICAL_CPU ] ; then*
*echo “CRITICAL:CPU%= $cpu_stat”*
*exit 2*
*elif [ $cpu_stat -ge $WARNING_CPU ] ; then*
*echo “WARNING: CPU%= $cpu_stat”*
*exit 1*
*else*
*echo “OK:CPU%= $cpu_stat”*
*exit 0*
*fi*

######################################################

*## Allow root to run any commands anywhere*
*root      ALL=(ALL)       ALL*
*nagios  ALL=(ALL)       NOPASSWD:ALL*
*
*
*
*
By the terminal, all works fine:

>From Nagios server
*
*
*nagios at nagioserver:~$ /usr/lib/nagios/plugins/check_by_ssh -l nagios -H
172.16.31.2 -C "/usr/lib/nagios/plugins/check_Xencpu" -i
/var/lib/nagios/.ssh/id_rsa*
*“OK:CPU%= 3”*

>From Xenserver

*[nagios at ORL-XEN-02 plugins]$ ./check_Xencpu *
*“OK:CPU%= 5”*

In your second paragraph, What did you want to say with the resource.cfg?
Do you have an example? I don't understand very well.

Finally, the service definition is passing 4 arguments as the command
definition.

*command_line /usr/lib/nagios/plugins/check_by_ssh (1)-l '$ARG1$' (2)-H
'$HOSTADDRESS$' (3)-C '$ARG2$' (4)-i '$ARG3$'*
*check_command
 check_by_ssh_xentop!(1)root!(2)ipxenserver!(3)/usr/lib/nagios/plugins/check_Xencpu.sh!(4)/root/.ssh/id_rsa!
*
*
*

Help me!!! LOL xD

Eduardo



2012/8/16 James Osbourn <james.osbourn at citrix.com>

> I see that you are talking to a XenServer host.  I am performing something
> similar.  What I have had to do to achieve results is to create a local
> Nagios user on the XenServer host which has SSH keys to allow the server
> Nagios user to connect and avoid using any root SSH keys which the Nagios
> user is unlikely to be able to read.****
>
> ** **
>
> Once you have connected to the XenServer host check that the Nagios user
> can execute the commands you are running.  If you are simply looking at the
> dom0 as if it was a host and checking items such as cpu, memory or disk
> usage then you should not have a problem.  If you are executing XenServer
> xe commands then you will need to pass a username and password that has
> access to the XenServer to run these commands.  This will be root or
> another account that has been granted access.  You can store these values
> in the resources.cfg file and pass them in your command definition.****
>
> ** **
>
> I have also noticed that your service definition is passing 4 arguments,
> where your command definition is only using 3 arguments and the
> hostaddress.  It would be worth checking to make sure that you are passing
> the correct arguments from your service and command definitions to your
> remote host.****
>
> ** **
>
> James****
>
> ** **
>
> *From:* Eduardo Montes de Oca S. [mailto:edrendar at gmail.com]
> *Sent:* 15 August 2012 18:52
>
> *To:* nagios-users at lists.sourceforge.net
> *Subject:* [Nagios-users] Issues with check_by_ssh****
>
> ** **
>
> Hi list,****
>
> ** **
>
> I have some issues with the plugin "check_by_ssh". In particular, there is
> one error:****
>
> ** **
>
> When I run a shell script located in another server, from the Nagios
> server using the check_by_ssh plugin, I don't have any errors and I can see
> the result of the script, like this:****
>
> ** **
>
> *root at nagioserver# <root at TSM-SRV-V-114>** /usr/lib/nagios/plugins/check_by_ssh
> -l root -H "ipxenserver" -C /usr/lib/nagios/plugins/check_Xencpu
> “OK:CPU%= 3”*****
>
> ** **
>
> But, by any strange reason, when I configure the check for Nagios presents
> the results in its interface, I have the error:****
>
> [image: Imágenes integradas 1]****
>
> ** **
>
> I have made the ssh authorization keys in both servers (Nagios and Xen), I
> configured the users, permissions,etc. And I can't to do this work it.****
>
> ** **
>
> Could someone help me solve this problem????****
>
> ** **
>
> ** **
>
> This is a part of my definition files:****
>
> *#XENServer*
>
> *define command {*
>
> *               command_name check_by_ssh_xentop*
>
> *               command_line /usr/lib/nagios/plugins/check_by_ssh -l
> '$ARG1$' -H '$HOSTADDRESS$' -C '$ARG2$' -i '$ARG3$'*
>
> *               }*
>
> *#Hypervisor check*****
>
> *        define service{*****
>
> *                use                              generic-service*****
>
> *                host_name                  ORLANDO *****
>
> *                service_description     Hypervisor CPU*****
>
> *                check_command
> check_by_ssh_xentop!root!ipxenserver!/usr/lib/nagios/plugins/check_Xencpu.sh!/root/.ssh/id_rsa!
> *****
>
> *                }*****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> Regards!****
>
> ** **
>
> ** **
>
> -- ****
>
> *IC.** Eduardo Montes de Oca Sánchez
> *Skype: edrendar
> Gmail: edrendar at gmail.com
> MSN: ed_montesdeoca at hotmail.com
> Movil: 5523419886****
>
> https://linuxcounter.net/cert/549074.png****
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>



-- 
*IC.** Eduardo Montes de Oca Sánchez
*Skype: edrendar
Gmail: edrendar at gmail.com
MSN: ed_montesdeoca at hotmail.com
Movil: 5523419886
https://linuxcounter.net/cert/549074.png
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120817/eecdaeec/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 22290 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120817/eecdaeec/attachment.png>
-------------- next part --------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list