Plugins check_by_ssh + check_tcp

Arthur · February 8, 2022, 1:17am

Version used (icinga2 --version) : version: 2.13.2-1

hi icinga2 masters.

What I want is to do ssh authentication on one server and then tcp verification on another server.

But I searched many ways, but no solution.
So I want to make a tcp port check of server2 after ssh authentication to server 1.
What should I do?

icinga2(192.x.x.1) - > (192.x.x.2)server1 ssh(10.x.x.1) - > (10.x.x.2) server2 check_tcp

For example, I wish you could give me a reference URL or how to do it.
thank you. masters

dbodky · February 8, 2022, 8:09am

Hi Arthur,

you want something like this:

$ check_by_ssh --by_ssh_address 192.x.x.2 --by_ssh_command "/usr/lib64/nagios/check_tcp" --by_ssh_arguments "<list of check_tcp arguments>"

with information such as the IP of the tcp_check target, its port and additional flags go into list of check_tcp arguments. Additionally you will need flags to authenticate with server 1 via SSH.

Additional information on both checks and their parameters can be found here (by_ssh) and here (tcp).

Additionally, this constellation sounds like you might actually want to use a satellite on server 1 instead of check_by_ssh, you can read more about this topic here. 192.x.x.1 would be your master, 192.x.x.2 your satellite and 10.x.x.2 your agent in this scenario.

Best,
Daniel

Arthur · February 8, 2022, 8:24am

thank you. dbodky
I read the material you gave me.

Running this command on Linux produces the following:

/usr/lib64/nagios/plugins/check_by_ssh -H 192.x.x.2 -l root -i xxx.pem -C “/home/centos/.script/check_tcp -H 10.x.x.2 -p 22”

TCP OK - 0.002 second response time on 10.x.x.2 port 22|time=0.001599s;;;0.000000;10.000000

But I don’t know how to register this with the service.

I’m currently using the supervisor module and I don’t know how to do it with check_command: by_ssh .

can you help me

dbodky · February 8, 2022, 12:12pm

Using configuration files, you could register it like this:

commands.conf

object CheckCommand "check_tcp_by_ssh" {
    import "by_ssh"
    arguments["-C"] = {
        value = "$tcp_command$"
    }
}

services.conf

object Service "tcp_by_ssh_service" {
    import "generic-service"
    host_name = "192.x.x.2"
    check_command = "check_tcp_by_ssh"
    vars.tcp_command = [ "/home/centos/.script/check_tcp", "-H", "10.x.x.2", "-p", "22" ]
    vars.by_ssh_identity = "xxx.pem"
    vars.by_ssh_logname = "root"
}

You might have to tinker a bit with those snippets to get them to work, once again I refer you to the documentation available at https://icinga.com/learn.

Best,
Daniel

Arthur · February 9, 2022, 3:10am

thank you. dbodky
Script runs fine.

However, when the monitoring service checks, it seems that the service cannot be resolved.

rsx · February 9, 2022, 7:38am

When you run this check manually than it is executed as root. When icinga runs this check than it is executed as nagios or icinga (depending on your distribution). Hence, you need to setup ssh key-based authentication for nagios or icinga to that system.

Arthur · February 10, 2022, 12:43am

thank you. dbodky, rsx
I read your posts and found hints and solved it.

There aren’t many users in South Korea, so it was hard to find, but thank you for your reply.