Hi all,
I have a script located on remote server and this script needed to run on remote hosts and get output in director how can i do it in director? Earlier i used to with icingaweb2, and that was easy but with director not able to find option.Any suggestions ?
Is the script running on a Linux or Windows host?
Does the script produce exitcodes and messages on stdout, that are nagios/icinga compatible?
How does the script get started? Would it be possible for icinga to run the script periodically?
Does the script produce a log file that could be monitored?
remote host has NRPE installed . I want to run checks from Icinga server itself. But the script has to be placed on remote host. whats the best way to do it
If it’s a icinga/nagios compatible script (exitcode & stdout messages) I would use the check_by_ssh or icinga2 agent.
I have a script running on remote host (Linux server) and i wanted this to be monitored from nagios server.I have updated the configuration file of NRPE
Code:
command[check_disk_uses]=/usr/lib/nagios/plugins/check_disk_uses.sh /dev/sda1
I have also added new file check_disk.cfg on nagios server with define command
Code:
define command{
command_name check_nrpe
command_line /usr/lib/nagios/plugins/check_nrpe -H ‘$HOSTADDRESS$’ -C “/usr/lib/nagios/plugins/check_disk.sh”
}
Code:
/usr/lib/nagios/plugins/check_nrpe -H §hostaddress -c check_disk
NRPE: Unable to read output
I have other problem. Remote command execution failed: Host key verification failed. when doing with ssh though i copied the keys to remote server
Hi looking forward to suggestions
I stopped using nrpe a long time ago and would use SSH or preferably the icinga2 agent in my environment.
Does the Icinga user (icinga or nagios) have access to the SSH key and did you tell it to use the key?
Wait, are you using Icinga 1, Icinga 2 or Nagios?
I would also prefer with check_by_ssh we are here using icinga2. and i have setup keys there and copied to remote host. when i also do ssh from director., i can connect to remote host with out any issues.but when i check on command line
~# ‘/usr/lib/nagios/plugins/check_by_ssh’ ‘-C’ ‘/usr/lib/nagios/plugins/check_script.sh’ ‘-H’ ‘hostaddress’ -t 30
Remote command execution failed: Unauthorized access to this machine is prohibited
Does ~# mean, that you are issuing the command as root user?
Try with sudo -su icinga or nagios depending on your distribution. If unsure, you can check in /etc/passwd wich of the two exists on your system.
i tried both. when i switch user and run the command, it asks me to issue password though the keys are transferred.
https://icinga.com/docs/icinga-2/latest/doc/07-agent-based-monitoring/
i followed this when i try to copy keys with ssh-copy-id it asks me passwd, and then when i issue passwd it says password wrong. I am confused
icinga@server:~$ ssh root@remoteserver → works
icinga@server:~$ ssh icinga@remoteserver → asks passwd →
it still asks password, very confusing. Also i dont want to create user on remote hosts
You can connect to root on the remote host but for most checks it’s not needed and least required privileges are best security practices.
Did you get the public key transfered to icinga@remoteserver? If yes, I guess it gets ignored because of wrong rights of /home/icinga/.ssh/ on the remote server.
Cant we add icinga server pubkey to the hosts authorized keys ( /root/.ssh/authorized_keys) on remote server,rather than creating icinga user on remote server ?
No as far as I know, SSH is user based not host based.
Why can’t you just get icinga@server → SSH → root@remoteserver to work first?
Still doesnot work. not sure whats wrong. i configured single service to check
object Service “ssh” {
host_name = “host”
check_command = "by_ssh"
vars.by_ssh_command = "/usr/lib/nagios/plugins/check_script.sh"
vars.by_ssh_identity = "/home/icinga/.ssh/id_rsa"
vars.by_ssh_logname = "root"
}
‘/usr/lib/nagios/plugins/check_by_ssh’ ‘-C’ ‘date’ ‘-i’ ‘/home/icinga/.ssh/id_rsa’ ‘-H’ ‘ipaddress’ ‘-l’ ‘root’
Remote command execution failed: Unauthorized access to this machine is prohibited
who is running /usr/lib/nagios/plugins/check_by_ssh -C /usr/lib/nagios/plugins/check_script.sh -H host -u root and how do you specify the SSH key?
On my Icinga installation I have the following in /etc/passwd:
icinga:x:995:990:icinga:/var/spool/icinga2:/sbin/nologin
so the .ssh folder is there but the key lives under /usr/lib/icinga2/.ssh/
I have the following defined in the director:
zones.d/master/service_templates.conf
template Service "116-tpl-service-by-ssh" {
import "tpl-service-generic"
check_command = "116-cmd-by-ssh"
command_endpoint = null
vars.by_ssh_identity = "/usr/lib/icinga2/.ssh/id_rsa"
vars.by_ssh_logname = "root"
}
Hi,
when i just some ‘date’ command to run on the remote host by passing -E argument it works
can you pelase tell how to set command endpoint null
usr/lib/nagios/plugins/check_by_ssh -C date -i /home/icinga/.ssh/id_rsa -H host -l icinga -E → works
only my script doesnot work
/usr/lib/nagios/plugins/check_by_ssh -C /usr/lib/nagions/plugins/check_script.sh -i /home/icinga/.ssh/id_rsa -H host -l icinga -E
Remote command execution failed: Warning: Identity file /home/icinga/.ssh/id_rsa not accessible: Permission denied.Please suggest 
‘/usr/lib/nagios/plugins/check_by_ssh’ ‘-C’ ‘/usr/lib/nagios/plugins/check_script.sh’ ‘-H’ ‘ipaddress’ ‘-i’ ‘/home/icinga/.ssh/id_rsa’ ‘-l’ ‘root’
But when i access with ssh -i /home/icinga/.ssh/id_rsa root@client --------- works
I think that endpoint null comes from:
I don’t understand the error message from your last post. Do you get it if you run it via sudo -u icinga or how do you run the commands?