Hi, I have had NRPE running on monitored linux servers which runs checks (obviously known as nagios-plugins) and returns values and exit code back to Icinga2 core.
I read about this possibility somewhere in Icinga2 documentation few months ago, but now I am not able to find the article… Was it marked as obsolete and removed? Or something like that?
I would like to set an automation process for providing certificates for these NRPE clients, but now I am not sure, if it still good way how to handling the monitoring checks…
Should I migrate the solution to Icinga agent based monitoring instead? Or is there a documented way how to set the providing process for NRPE clients?
you can use NRPE, although we generally discourage its usage due to known security problems. With the general overhaul of the “agent based monitoring” chapter, I have removed the NRPE parts from the documentation in 2.11 only showing the agent methods we do support.
That being said, you can find the old documentation inside the 2.10.x branch on GitHub, but there won’t be any effort to document its usage nor encourage users to actually use it.
In terms of the configuration, the Icinga agent with the command_endpoint mode is easier to configure than the nrpe_arguments syntax, and in addition, you can sync commands if not already there on the agent. No extra config format to learn and adopt, like nrpe.cfg. Security is ensured with TLS and the zone/endpoint hierarchy - this adds a complexity layer, but once learned, it becomes a breeze.
Especially if you consider using the Icinga Director, you can hide the setup and configuration parts from your users and focus on the important bits. Mark a host as agent, and the underlaying rendered configuration does the same as known from the distributed monitoring docs for the agent command_endpoint configuration.
AFAIK @lbetz invested some time into moving along from NRPE to the Icinga agent, maybe he can share his wisdom here too
Hi Michael,
thanks a lot for your really quick answer and the explanation.
I am thinking about changing the solution right now. It seems that it could bring a lot of advantages. Before I deeply fall into documentation, I would like to ask you about few things, if you will agree
I made a quick overview about the installation process and I am not sure about this: Currently our Icinga looks regurely into our AD and when new machine appears there, it put the host into Icinga Director, we just run Render config. And that’s all from Icinga side. (Sorry if I wasn’t exact in some terms - I didn’t setting that.)
It is still possible to hold the (or similar) way? Instead of sending generated tickets from Node Wizard?
The second question is related to plugins. I hope, that I understood it correctly that nothing will change for us if decide to switch to Icinga agent.? We still can use them, right?
Thanks a lot again for your time. You do really good support here.
Regards
I made a quick overview about the installation process and I am not sure about this: Currently our Icinga looks regurely into our AD and when new machine appears there, it put the host into Icinga Director, we just run Render config. And that’s all from Icinga side. (Sorry if I wasn’t exact in some terms - I didn’t setting that.)
It is still possible to hold the (or similar) way? Instead of sending generated tickets from Node Wizard?
