HPE Community
Operating System - Linux
1825601 Members
2522 Online
109682 Solutions
New Discussion

Nagios NRPE + sudo + hpacucli not working

 
GoranTornqvist
Occasional Advisor

‎04-14-2009 02:01 AM

‎04-14-2009 02:01 AM

Nagios NRPE + sudo + hpacucli not working

I´m downloaded the nagios pluginet check_hparray that can get hp raid status from hpacucli:
http://www.nagiosexchange.org/cgi-bin/p ... 8.html;d=1

Also configured /etc/sudoers:
nagios ALL = NOPASSWD: /usr/sbin/hpacucli

If I "su" to user nagios and run the command check_hparray it is working fine.
However, when I try the same thing from nrpe daemon I notice that hpacucli is returning an error status (not 0) but without any error messages/output.

Note: OS is Red Hat Enterprise Linux 5.2.
I am calling multipath command in the same way using nrpe + sudo and this is working.
SELinux is NOT activated.

Any ideas?
Thanks...
0 Kudos
12 REPLIES 12
Ivan Ferreira
Honored Contributor

‎04-14-2009 12:46 PM

‎04-14-2009 12:46 PM

Re: Nagios NRPE + sudo + hpacucli not working

Edit the check_hparray script and add an echo statement in the -s) section:

-s)
check=`sudo -u root $HPACUCLI controller slot=$2 ld all show`
# Add this line
echo $check > /tmp/check_array.out 2>&1
check_raid
;;


Consult the /tmp/check_array.out file
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
GoranTornqvist
Occasional Advisor

‎04-14-2009 09:32 PM

‎04-14-2009 09:32 PM

Re: Nagios NRPE + sudo + hpacucli not working

I only get "check_hparray Error" output from the script and /tmp/check_array.out is empty.
0 Kudos
GoranTornqvist
Occasional Advisor

‎04-16-2009 12:52 AM

‎04-16-2009 12:52 AM

Re: Nagios NRPE + sudo + hpacucli not working

*bump*

no suggestions...? Thanks ...
0 Kudos
Ivan Ferreira
Honored Contributor

‎04-16-2009 04:47 AM

‎04-16-2009 04:47 AM

Re: Nagios NRPE + sudo + hpacucli not working

You get:

echo "$PROGNAME Error. $checkm"

Because the $check variable is empty. There is something wrong because the tmp file has no output, that means that sudo and hpacucli is not being executed.

What do you get if you run:

sudo -u root /usr/sbin/hpacucli controller slot=$2 ld all show

From the command line? Replace $2 for the correct value as in your nrpe.cfg

Post your nrpe.cfg configuration file also for this section.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
GoranTornqvist
Occasional Advisor

‎04-16-2009 10:11 PM

‎04-16-2009 10:11 PM

Re: Nagios NRPE + sudo + hpacucli not working

Thanks for your reply...

If I "su" to user nagios it works:

-sh-3.2$ sudo -u root /usr/sbin/hpacucli controller slot=0 ld all show

Smart Array E200i in Slot 0

array A

logicaldrive 1 (136.7 GB, RAID 1+0, OK)



nrpe.cfg:
command[check_hparray]=/usr/lib/nagios/plugins/check_hparray -s $ARG1$

To me it appears like a problem calling sudo thru nrpe...I´m lost...
0 Kudos
Ivan Ferreira
Honored Contributor

‎04-17-2009 05:06 AM

‎04-17-2009 05:06 AM

Re: Nagios NRPE + sudo + hpacucli not working

What if you hard code the slot number in the npre.cfg file instead of having $ARG1$?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
GoranTornqvist
Occasional Advisor

‎04-17-2009 05:10 AM

‎04-17-2009 05:10 AM

Re: Nagios NRPE + sudo + hpacucli not working

Same problem when hard coding parameter I´m afraid ...
0 Kudos
Ivan Ferreira
Honored Contributor

‎04-17-2009 06:10 AM

‎04-17-2009 06:10 AM

Re: Nagios NRPE + sudo + hpacucli not working

You could try this:

- Set SUID to hpacucli
chmod u+s /usr/sbin/hpacucli

- set root:root as owner
chown root:root /usr/sbin/hpacucli

- Remove others read and execution permissions
chmod o-rw /usr/sbin/hpacucli

- Add nagios to root group
gpasswd -a nagios root

- Try again


Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
GoranTornqvist
Occasional Advisor

‎04-24-2009 07:25 AM

‎04-24-2009 07:25 AM

Re: Nagios NRPE + sudo + hpacucli not working

Solved it, if I added the whole command line in /etc/sudoers it worked:
nagios ALL = NOPASSWD: /usr/sbin/hpacucli controller slot=0 ld all show

This didn´t work:
nagios ALL = NOPASSWD: /usr/sbin/hpacucli
(according to the plugin docs it should be enough but wasn´t for some reason)
0 Kudos
GoranTornqvist
Occasional Advisor

‎04-24-2009 07:26 AM

‎04-24-2009 07:26 AM

Re: Nagios NRPE + sudo + hpacucli not working

/etc/sudoers:

nagios ALL = NOPASSWD: /usr/sbin/hpacucli controller slot=0 ld all show
0 Kudos
Rick Garland
Honored Contributor

‎05-04-2009 09:07 AM

‎05-04-2009 09:07 AM

Re: Nagios NRPE + sudo + hpacucli not working

I know this is closed but to add my experience;

My sudoers file has the following,
nagios ALL=NOPASSWD:/usr/sbin/hpacucli

This has worked for several months without issue.


Instead of the check_array plugin I am using a script, but HP says it doesn't matter.

What has been an issue is that the array check via hpacucli is not supported and has caused some of our systems to crash and not reboot. Feedback from HP says that even though there is this hpacucli check option it is not intended to query the array for prolonged periods. HP says that doing the hpacucli forces the array to init and flush the buffers. Most of the time this is not a concern as it will ride out. But watch out for when it does come back and bite you.

If a system does crash check the messages file. The last entry is a nagios sudo to run the hpacucli.
0 Kudos
GoranTornqvist
Occasional Advisor

‎05-04-2009 09:43 PM

‎05-04-2009 09:43 PM

Re: Nagios NRPE + sudo + hpacucli not working

thanks for the tip ...

should add that the real solution for this was to uncomment "Defaults requiretty" in /etc/sudoers.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.