Icinga crashed after Ubuntu OS Upgrade

Hy all,

ive tried to upgrade my icinga2 linux enviroment to try out the new IcingaDB.

after the linux upgrade insight ubunto ive get the following warnungs on the WEB GUI.

Enviroment before Upgrade
Ubuntu 16.04.6
PHP 7.033
mysql 5.7.30
Icinga 2.12-0 rc1
Icingaweb2 2.8.0 rc1

after Upgrade
Ubuntu 18.04.6
PHP 7.2.24
mysql 5.7.30
Icinga 2.12-0 rc1
Icingaweb2 2.8.0 rc1
and ive tried to upgraded to 18.04

I Hope that someony got any idea, why there are several php module errors…

first time I upgraded to 18.04 I noted down the following php related stuff to do:

apt-get install libapache2-mod-php7.2 php7.2-dom php7.2-gd php7.2-ldap php7.2-intl php7.2-Imagick php7.2-curl php7.2-cli php7.2-common php7.2-gmp php7.2-json php7.2-mysql php7.2-opcache php7.2-readline php7.2-xml
a2enmod PHP7.2

as you already listed php7.2, I’m not sure if that is still necessary. but maybe you are just missing some libraries.

also, from my experience, there are some other things that need attention after switchting to 18.04.

  • scripts that use Nagios:Plugin perl libraries need to be switched to use Monitoring::Plugin libraries
  • vmware libraries
  • check_by_ssh pubkey
  • oracle libraries
  • check_nrpe version (save the old version from 16.04 or update the key for nsclient to 2048bit)
1 Like

thanks for the hint…

ill try it and give a feedback ASAP

now ot works (allmost).

after adding the rest of the php7.2 modules and important…
after removing the old deprecated php7.0 modules with (apt-get purge ‘php7.0*’)

now i only got a problem with the nrpe…

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with IP

1 Like

I suppose you are using the NSClient?

You will either have to update the 512bit key of NSClient with a 2048bit one:

Or use the old check_nrpe version that was standard with Ubuntu 16.04.

2 Likes

ive got the sollution…

creating the nrpe_dh_2048.pem on the icinga linux vm.
openssl dhparam -C 2048

-----BEGIN DH PARAMETERS-----
MY-SECRET-KEY
-----END DH PARAMETERS-----

create the PEM with the key to the required servers (eg. C:\Program Files\NSClient++\security\)

modify the nsclient.ini
[/settings/NRPE/server]
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
certificate format=PEM
ca=${certificate-path}/ca.pem
dh = ${certificate-path}\nrpe_dh_2048.pem
verify mode=none

; Undocumented key
**; insecure = true (uncommand this)**

then restart the nsclient service..
and thats it.