Bug #14560
closedNRPE does not function properly on Plus 23.09 / CE 2.7.0
100%
Description
nrpe 3.1_5 works smooth on pfSense 2.7.0, after the upgrade to nrpe 3.1_6 the service can not be controled anymore via "Status" > "Services".
[2.7.0-RELEASE][admin@firewall.somedomain.local]/root: /usr/local/etc/rc.d/nrpe3.sh start
/usr/local/etc/rc.d/nrpe3.sh: WARNING: run_rc_command: cannot run /usr/local/sbin/nrpe3
The start command is not anymore located at /usr/local/sbin/nrpe3.
[2.7.0-RELEASE][admin@wmthuwall.weiers.local]/root: find / -name nrpe | grep -i /usr/local/sbin
/usr/local/sbin/nrpe
Changing the path in /usr/local/etc/rc.d/nrpe3.sh makes NRPE startable, but the "Status" > "Services" page does still not show NRPE as started.
Hint: I don't know if the issue is related to 2.7.0 or to the package itself.
Updated by Kris Phillips over 1 year ago
- Status changed from New to Confirmed
- Plus Target Version set to 23.09
Tested on 23.09. Confirmed this behavior.
Editing /usr/local/etc/rc.d/nrpe to change this allows the service to start:
command="/usr/local/sbin/nrpe3"
to this:
command="/usr/local/sbin/nrpe"
However, the Status --> Services menu still shows the service as stopped with this change even though the System Logs show it started normally. It seems the path changed.
Also tried creating a symlink for nrpe3 to point at nrpe in the same directory. This allows the service to start the same as above, but the Status --> Services menu still shows the wrong status.
Updated by Jeff Morris over 1 year ago
In addition to the daemon name being changed from nrpe3 to nrpe, I've noticed that the associated check command has also been renamed, i.e.:
/usr/local/libexec/nagios/check_nrpe3
has been changed to:
/usr/local/libexec/nagios/check_nrpe
This means that NRPE checks defined in the master /cf/conf/config.xml file that utilize check_nrpe3 do not get parsed and placed into the /usr/local/etc/nrpe.cfg file.
When upgrading, in addition to the work-around Kris Phillips provided, I also had to replace all instances of "check_nrpe3" in my config.xml with "check_nrpe" to get things working again.
Updated by Jeff Morris over 1 year ago
Two more notes:
(1) At least on my system, the command="/usr/local/sbin/nrpe" change had to be made to /usr/local/etc/rc.d/nrpe3.sh, in addition to /usr/local/etc/rc.d/nrpe as Kris mentioned.
(2) Changing the executable name from nrpe3 to nrpe in the following section of config.xml fixes the service status reporting:
<pfsense> <installedpackages> <service> <name>nrpe</name> <rcfile>nrpe3.sh</rcfile> <executable>nrpe3</executable> <description><![CDATA[Nagios NRPE Daemon]]></description> </service> </installedpackages> </pfsense>
So in summary, these 4 changes appear to restore 100% functionality from the previous release:
- /usr/local/etc/rc.d/nrpe: Update command="/usr/local/sbin/nrpe"
- /usr/local/etc/rc.d/nrpe3.sh: Update command="/usr/local/sbin/nrpe"
- /cf/conf/config.xml: Replace all instances of "check_nrpe3" with "check_nrpe"
- /cf/conf/config.xml: Udate the <executable> section of the nrpe <service> entry to "nrpe"
Updated by Tom Huerlimann over 1 year ago
Thank you
So in summary, these 4 changes appear to restore 100% functionality from the previous release:
/usr/local/etc/rc.d/nrpe: Update command="/usr/local/sbin/nrpe"
/usr/local/etc/rc.d/nrpe3.sh: Update command="/usr/local/sbin/nrpe"
/cf/conf/config.xml: Replace all instances of "check_nrpe3" with "check_nrpe"
/cf/conf/config.xml: Udate the <executable> section of the nrpe <service> entry to "nrpe"
I can not confirm this. I still have no status at Services > Status in the GUI.
Any idea?
Updated by Jeff Morris over 1 year ago
Sorry for the confusion Tom. Those changes do indeed fix it on my system, but after seeing your comment I just did some more testing and discovered that my changes to nrpe3.sh get overwritten on reboot, so that's probably what's happening to you as well. If I modify nrpe3.sh as I described above I can then go to the services page and start nrpe, and it shows it as started, but after a reboot that change reverts.
I'm not a pfSense developer, just a user, so I'm not certain how nrpe3.sh gets generated, but hopefully someone more knowledgeable will chime in. I'm just trying to provide as much information as I can. I'll keep digging too.
Updated by Tom Huerlimann over 1 year ago
In my case, nrpe is already running by manually starting the service via start-script in /usr/local/etc/rc.d/nrpe.
I still try to get the status in the gui without success. Your suggested modifications are in place, no status displayed in the gui, but i did not reboot the whole box or restart the webconfigurator.
I‘m also wondering why there are two start scripts.
After uninstalling the nrpe package and reinstalling, there is no nrpe3.sh anymore, only the nrpe is there then (if i recall correctly).
Updated by Jeff Morris over 1 year ago
Ok, I think I've got this figured out... nrpe3.sh gets automatically generated, so disregard my previous comment regarding that file. Instead, these two files seem to define the executable name and seem to be where nrpe3.sh is getting generated from:
(1) In /usr/local/pkg/nrpe.inc, change this:
define('NRPE_BINARY', "/usr/local/sbin/nrpe3");
to this:
define('NRPE_BINARY', "/usr/local/sbin/nrpe");
(2) in /usr/local/pkg/nrpe.xml, change the executable name from nrpe3 to nrpe:
<packagegui> <service> <executable>nrpe</executable> </service> </packagegui>
With these changes my system survives a reboot, and nrpe auto-starts an performs properly (i.e. all my checks are returning valid data, including my check_nrpe checks.)
So to re-summarize, these 5 changes appear to restore 100% functionality from the previous release:
- /usr/local/etc/rc.d/nrpe: Update command="/usr/local/sbin/nrpe"
- /cf/conf/config.xml: Replace all instances of "check_nrpe3" with "check_nrpe"
- /cf/conf/config.xml: Update the <executable> section of the nrpe <service> entry to "nrpe"
- /usr/local/pkg/nrpe.inc: Update define('NRPE_BINARY', "/usr/local/sbin/nrpe");
- /usr/local/pkg/nrpe.xml: Update the <executable> section of the nrpe <service> entry to "nrpe"
I hope this helps until an official fix is released.
Updated by Jeff Morris over 1 year ago
Tom Huerlimann: I'd suggest rebooting after making the five changes I listed above. nrpe3.sh definitely seems to get generated on boot, so that may be why you don't have that file anymore... uninstalling the package likely removes it, but reinstalling the package probably doesn't recreate it, since it gets generated automatically. I saw several references to nrpe3.sh in the gui definition files, so I don't think the gui status display will work without it being present.
There's likely a cleaner way to get pfSense to regenerate things than rebooting, but I just don't have that knowledge. :-)
Updated by Tom Huerlimann over 1 year ago
Thank you all!
So to re-summarize, these
56 changes appear to restore 100% functionality from the previous release:1. /usr/local/etc/rc.d/nrpe: Update command="/usr/local/sbin/nrpe"
-> Note to myself: Before i tried, I uninstalled the package and reinstalled it - this change was not required anymore. I ask myself: Did somebody already have fixed this path?
2. /cf/conf/config.xml: Replace all instances of "check_nrpe3" with "check_nrpe"
3. /cf/conf/config.xml: Update the <executable> section of the nrpe <service> entry to "nrpe"
4. /usr/local/pkg/nrpe.inc: Update define('NRPE_BINARY', "/usr/local/sbin/nrpe");
5. /usr/local/pkg/nrpe.xml: Update the <executable> section of the nrpe <service> entry to "nrpe"
6. Reboot pfSense
I can confirm, those changes make the NRPE service work like a charm via webgui again. Thanks a lot again.
Updated by Jim Pingle over 1 year ago
- Subject changed from nrpe 3.1_6 service control broken on pfSense 2.7.0 to NRPE does not function properly on Plus 23.09 / CE 2.7.0
- Status changed from Confirmed to In Progress
- Assignee set to Jim Pingle
- Plus Target Version deleted (
23.09) - Affected Version deleted (
2.7.0)
Some care will be needed here since CE 2.7.0 apparently has the OS package nrpe-4.1.0 while Plus 23.05.1 has nrpe3-3.2.1, so the code may need to have a way to handle both for the moment. Plus 23.09 snapshots have nrpe-4.1.0.
If things are working OK on Plus 23.05.1 for now we may just leave that version alone and only update the package for Plus 23.09 / CE 2.7.0, it depends on what all needs fixed.
Updated by Jim Pingle over 1 year ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Updated package committed on devel branches and also to RELENG_2_7_0, should be available soon on CE 2.7.0 and in development snapshots once those are ready.
I opted not to try maintaining compatibility with the older version.
The only thing that can't be handled automatically is if someone had manually entered something that used nrpe3, there may still need to be some manual config adjustments there.
Updated by Lev Prokofev over 1 year ago
Tested package 4.1 on
2.7.0-RELEASE (amd64)built on Wed Jun 28 03:53:34 UTC 2023works fine no issues detected.