Operating System - Linux
1825552 Members
2466 Online
109681 Solutions
New Discussion

Nagios NRPE + sudo + hpacucli not working

 
GoranTornqvist
Occasional Advisor

Nagios NRPE + sudo + hpacucli not working

I´m downloaded the nagios pluginet check_hparray that can get hp raid status from hpacucli:
http://www.nagiosexchange.org/cgi-bin/p ... 8.html;d=1

Also configured /etc/sudoers:
nagios ALL = NOPASSWD: /usr/sbin/hpacucli

If I "su" to user nagios and run the command check_hparray it is working fine.
However, when I try the same thing from nrpe daemon I notice that hpacucli is returning an error status (not 0) but without any error messages/output.

Note: OS is Red Hat Enterprise Linux 5.2.
I am calling multipath command in the same way using nrpe + sudo and this is working.
SELinux is NOT activated.

Any ideas?
Thanks...
12 REPLIES 12
Ivan Ferreira
Honored Contributor

Re: Nagios NRPE + sudo + hpacucli not working

Edit the check_hparray script and add an echo statement in the -s) section:

-s)
check=`sudo -u root $HPACUCLI controller slot=$2 ld all show`
# Add this line
echo $check > /tmp/check_array.out 2>&1
check_raid
;;


Consult the /tmp/check_array.out file
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
GoranTornqvist
Occasional Advisor

Re: Nagios NRPE + sudo + hpacucli not working

I only get "check_hparray Error" output from the script and /tmp/check_array.out is empty.
GoranTornqvist
Occasional Advisor

Re: Nagios NRPE + sudo + hpacucli not working

*bump*

no suggestions...? Thanks ...
Ivan Ferreira
Honored Contributor

Re: Nagios NRPE + sudo + hpacucli not working

You get:

echo "$PROGNAME Error. $checkm"

Because the $check variable is empty. There is something wrong because the tmp file has no output, that means that sudo and hpacucli is not being executed.

What do you get if you run:

sudo -u root /usr/sbin/hpacucli controller slot=$2 ld all show

From the command line? Replace $2 for the correct value as in your nrpe.cfg

Post your nrpe.cfg configuration file also for this section.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
GoranTornqvist
Occasional Advisor

Re: Nagios NRPE + sudo + hpacucli not working

Thanks for your reply...

If I "su" to user nagios it works:

-sh-3.2$ sudo -u root /usr/sbin/hpacucli controller slot=0 ld all show

Smart Array E200i in Slot 0

array A

logicaldrive 1 (136.7 GB, RAID 1+0, OK)



nrpe.cfg:
command[check_hparray]=/usr/lib/nagios/plugins/check_hparray -s $ARG1$

To me it appears like a problem calling sudo thru nrpe...I´m lost...
Ivan Ferreira
Honored Contributor

Re: Nagios NRPE + sudo + hpacucli not working

What if you hard code the slot number in the npre.cfg file instead of having $ARG1$?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
GoranTornqvist
Occasional Advisor

Re: Nagios NRPE + sudo + hpacucli not working

Same problem when hard coding parameter I´m afraid ...
Ivan Ferreira
Honored Contributor

Re: Nagios NRPE + sudo + hpacucli not working

You could try this:

- Set SUID to hpacucli
chmod u+s /usr/sbin/hpacucli

- set root:root as owner
chown root:root /usr/sbin/hpacucli

- Remove others read and execution permissions
chmod o-rw /usr/sbin/hpacucli

- Add nagios to root group
gpasswd -a nagios root

- Try again


Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
GoranTornqvist
Occasional Advisor

Re: Nagios NRPE + sudo + hpacucli not working

Solved it, if I added the whole command line in /etc/sudoers it worked:
nagios ALL = NOPASSWD: /usr/sbin/hpacucli controller slot=0 ld all show

This didn´t work:
nagios ALL = NOPASSWD: /usr/sbin/hpacucli
(according to the plugin docs it should be enough but wasn´t for some reason)
GoranTornqvist
Occasional Advisor

Re: Nagios NRPE + sudo + hpacucli not working

/etc/sudoers:

nagios ALL = NOPASSWD: /usr/sbin/hpacucli controller slot=0 ld all show
Rick Garland
Honored Contributor

Re: Nagios NRPE + sudo + hpacucli not working

I know this is closed but to add my experience;

My sudoers file has the following,
nagios ALL=NOPASSWD:/usr/sbin/hpacucli

This has worked for several months without issue.


Instead of the check_array plugin I am using a script, but HP says it doesn't matter.

What has been an issue is that the array check via hpacucli is not supported and has caused some of our systems to crash and not reboot. Feedback from HP says that even though there is this hpacucli check option it is not intended to query the array for prolonged periods. HP says that doing the hpacucli forces the array to init and flush the buffers. Most of the time this is not a concern as it will ride out. But watch out for when it does come back and bite you.

If a system does crash check the messages file. The last entry is a nagios sudo to run the hpacucli.
GoranTornqvist
Occasional Advisor

Re: Nagios NRPE + sudo + hpacucli not working

thanks for the tip ...

should add that the real solution for this was to uncomment "Defaults requiretty" in /etc/sudoers.