Error while reading JSON-RPC message for identity 'HOST123456': Error: End of file

Hello,
ive got problems with configuring nrpe on solaris. I have configured the nrpe with certs and the ca errors disappeared but its still not working because of the error in the title. The icinga master is working we have linux and windows clients already running with it. Now i tried to get solaris running with nrpe.
The process is started but the icinga-master can connect but exits with an error.

I only found CSR auto-signing fails silently if no ticket_salt is set in the ApiListener feature configuration
but the ticketsalt ist set correctly. The auto-sign works for linux clients.

I did manually following steps:

  • creating certs on icinga master:

openssl req -new -newkey rsa:2048 -keyout HOST123456.key -out HOST123456.csr -nodes
openssl x509 -req -in HOST123456.csr -CA /var/lib/icinga2/ca/ca.crt -CAkey /var/lib/icinga2/ca/ca.key -CAcreateserial -out HOST123456.crt -days 36500 -sha512

  • copying certs to Solaris Client:
  • HOST123456.crt -> /opt/telnrpe/etc/ssl_cert/HOST123456.crt
  • HOST123456.key -> /opt/telnrpe/etc/ssl_cert/HOST123456.key
  • /var/lib/icinga2/ca/ca.crt -> /opt/telnrpe/etc/ssl_cert/ca.crt
  • configure nrpe to use the
    nrpe configuration

#############################################################################

NRPE Unix Config File

Version 1.0

#############################################################################

LOG file

log_facility=local1
debug=0

PID file

pid_file=/opt/telnrpe/var/run/nrpe.pid

PORT NUMBER

server_port=5675

NRPE USER

nrpe_user=telnagios

NRPE GROUP

nrpe_group=telnagios

ALLOWED HOST ADDRESSES

allowed_hosts=

OPTIONS

command_timeout=50
dont_blame_nrpe=1

SSL

ssl_client_certs=2
ssl_cacert_file=/opt/telnrpe/etc/ssl_cert/ca.crt
ssl_cert_file=/opt/telnrpe/etc/ssl_cert/HOST123456.crt
ssl_privatekey_file=/opt/telnrpe/etc/ssl_cert/HOST123456.key

NRPE-Version:

$ …/bin/nrpe --version
NRPE - Nagios Remote Plugin Executor
Version: 4.0.0

DEBUG-LOG:

...
[2020-04-02 15:34:17 +0200] information/ApiListener: Finished syncing runtime objects to endpoint 'HOST123456'.
[2020-04-02 15:34:17 +0200] information/ApiListener: Finished sending runtime config updates for endpoint 'HOST123456' in zone 'HOST123456'.
[2020-04-02 15:34:17 +0200] information/ApiListener: Sending replay log for endpoint 'HOST123456' in zone 'HOST123456'.
[2020-04-02 15:34:17 +0200] notice/ApiListener: Replaying log: /var/lib/icinga2/api/log/1585829893
[2020-04-02 15:34:17 +0200] notice/ApiListener: Replaying log: /var/lib/icinga2/api/log/1585831880
[2020-04-02 15:34:17 +0200] notice/ApiListener: Replaying log: /var/lib/icinga2/api/log/current
[2020-04-02 15:34:17 +0200] notice/ApiListener: Replayed 0 messages.
[2020-04-02 15:34:17 +0200] notice/ApiListener: Replaying log: /var/lib/icinga2/api/log/1585829893
[2020-04-02 15:34:17 +0200] notice/ApiListener: Replaying log: /var/lib/icinga2/api/log/1585831880
[2020-04-02 15:34:17 +0200] notice/ApiListener: Replaying log: /var/lib/icinga2/api/log/current
[2020-04-02 15:34:17 +0200] notice/ApiListener: Replayed 0 messages.
[2020-04-02 15:34:17 +0200] information/ApiListener: Finished sending replay log for endpoint 'HOST123456' in zone 'HOST123456'.
[2020-04-02 15:34:17 +0200] information/ApiListener: Finished syncing endpoint 'HOST123456' in zone 'HOST123456'.
[2020-04-02 15:34:17 +0200] information/ApiListener: Finished reconnecting to endpoint 'HOST123456' via host 'HOST123456' and port '5675'
[2020-04-02 15:34:17 +0200] notice/JsonRpcConnection: Error while reading JSON-RPC message for identity 'HOST123456': Error: End of file


        (0) icinga2: icinga::JsonRpc::ReadMessage(std::shared_ptr<icinga::AsioTlsStream> const&, boost::asio::basic_yield_context<boost::asio::executor_binder<void (*)(), boost::asio::executor> >, long) (+0x95) [0x92e165]
        (1) icinga2: icinga::JsonRpcConnection::HandleIncomingMessages(boost::asio::basic_yield_context<boost::asio::executor_binder<void (*)(), boost::asio::executor> >) (+0xf4) [0xbc26e4]
        (2) /usr/lib64/icinga2/sbin/icinga2() [0xbc2e51]
        (3) libboost_context.so.1.69.0: make_fcontext (+0x2f) [0x7fe413cb318f]
...

PS: I stripped the original Hostname and the IP. We got Hostname and Zone exact the same name.

Hope you can help me. If you need more infos pls let me know.

Greetings,
Daniel

Hello and welcome,

if you use NRPE as agent you cant connect to it via the Icinga API. You have to use nrpe check command. If you want icinga2 agent for Solaris, maybe @unixe can help you.

Regards,
Carsten

2 Likes