Run check_nrpe on remote server

icinganrpe

I am trying to monitor a small service on a dummy server via Icinga2 the check_nrpe plugin. I have setup both correctly as I can do the following:

  • when I run /usr/lib/nagios/plugins/check_nrpe -H remote-server-ip
    from the main server I get NRPE v2.15
  • when I do /usr/lib/nagios/plugins/check_nrpe -H main-server-ip from
    the remote server I get the same result.
  • when I run /usr/lib/nagios/plugins/check_nrpe -H remote-server-ip -c
    check_load     I get WARNING - load average: 5.85, 5.67, 5.55|load1=5.850;15.000;30.000;0; load5=5.670;10.000;25.000;0; load15=5.550;5.000;20.000;0;

Now I am trying to use check_nrpe to run a small script on my remote machine which is placed in /usr/local/lib/ called check_remote_server.py. For this I did the following:

in /etc/icinga2/conf.d/test.conf

object Service "Test Check" {
    import "generic-service"
    host_name = "remote-server-ip"
    check_command = "check_nrpe"
    vars.ARG1 = "check_remote_server"
}

object Host "remote-server-ip" {
    import "linux-server"
    address = "xx.xx.xx.xx"
    groups = [ "test" ]
}

and in /etc/nagios/nrpe.cfg

command[check_remote_server]=/usr/local/lib/check_remote_server.py -w 2 -c 1

However when I restart icinga2 and check the status, I get all sorts of errors from syntax errors, compilation errors etc which only go away after I roll back ALL changes Ive made. I cant figure out for the life of me how to pass arguments with check_nrpe.

Can anyone PLEASE give me a simple quide as to how to configure a custom check via check_nrpe?

EDIT: Used the icinga tag instead of icinga2 because there is no icinga2 tag.

Edit2: I just tried this from the command line
/usr/lib/nagios/plugins/check_nrpe -H remote-ip -c check_disk -a "-w 20% -c 10% adn got the error CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

Best Answer

Chances are the reason your command-line test with check_disk is returning "Received 0 bytes from daemon" is because you don't have: 

dont_blame_nrpe=1

set in your nrpe.cfg file, as that's required to allow the nrpe client to pass any arguments. Since there's a security implication to allowing arbitrary args to nrpe tests, its disallowed by default.

You shouldn't need to enable that though to test your custom check script, since you already have it defined in the host's nrpe.cfg. What happens when you test your custom check command from your icinga server via

/usr/lib/nagios/plugins/check_nrpe -H remote-ip -c check_remote_server

?

Rule out any issues with nrpe and your check script, but also take a second look at your service and command definitions. Looking at your config snippet, the first issue I see is the "Object Service" line -- this should read "apply Service" instead. Also, make sure you have a command definition defined for NRPE. Try something like this to start:

object HostGroup "test" {
  display_name = "Test Group"
  assign where host.name == "hostname.com"
  check_command = "dummy"
}

object Host "hostname.com" {
    import "generic-host"
    address = "xx.xx.xx.xx"
}

object CheckCommand "check_nrpe" {
    import "plugin-check-command"
    command = [PluginDir + "/check_nrpe" ] # Make sure this points to check_nrpe binary
    arguments = {
    "-H" = "$host$"
    "-c" = "$ARG1$"
    }
}

apply Service "Test Check" {
    import "generic-service"
    check_command = "check_nrpe"
    vars.ARG1 = "check_remote_server"
    assign where "test" in host.groups
}

Somewhat related, but since you're using icinga2 why not just ditch nrpe and use the icinga2 native client? It's pretty flexible and arguably more secure than using nrpe.

Related Topic