First Last Prev Next    This bug is not in your last search results.
Bug 53681 - broken Nagios client configuration since UCS 5.0
broken Nagios client configuration since UCS 5.0
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Monitoring (Prometheus or Nagios)
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-1-errata
Assigned To: Florian Best
Julia Bremer
https://git.knut.univention.de/univen...
: python3-migration
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-08-19 21:43 CEST by Dirk Ahrnke
Modified: 2022-05-11 17:52 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.091
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Regression
Max CVSS v3 score:
best: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Ahrnke univentionstaff 2021-08-19 21:43:39 CEST 
steps to reproduce:
Environment installed with UCS 5, Nagios Server installed on 4.4-8 DC-Slave from App Center. UCRV "nagios/client/allowedhosts" set on all systems to allow queries from Nagios on DC-Slave.

Result: 
Beside NTP and PING all checks fail permanently. 
for UCS 4.4 client: (Nagios Host): Status CRITICAL "NRPE: Command "UNIVENTION_*" not defined
for UCS 5.0 clients: (tested with Primary and Backup): Status UNKNOWN "NRPE: Unable to read output"

Expected result according documentation: 
An installation of Nagios on a 4.4 Server in a UCS 5 domain should work without additional steps.
Comment 1 riess82 2021-11-10 07:57:42 CET 
I had originally posted in the help forum, but found the solution myself just now.
In 4.4, a command looked like this:
command[UNIVENTION_SSL]=/usr/lib/nagios/plugins/check_univention_ssl_certificate -w 40 -c 20

In 5.0, the command is defined as a bytes literal and does not work:
command[UNIVENTION_SSL]=b'/usr/lib/nagios/plugins/check_univention_ssl_certificate -w 40 -c 20'

Good news: manually changing the command back to its old form and restarting the nagios service on the client helps.
Bad news: manually doing this on multiple servers for all services is tedious work.

Would be great if someone could fix this in the next upcoming release, probably its just a small change in the code.
Comment 2 Florian Best univentionstaff 2021-11-10 08:59:12 CET 
Thank you for the feedback.

I still don't see where you are seeing and setting the bytestrings?

# udm nagios/service list --filter cn=UNIVENTION_SSL
cn=UNIVENTION_SSL
DN: cn=UNIVENTION_SSL,cn=nagios,l=school,l=dev
  checkCommand: check_univention_sslcert

The check script itself contains the program and is still Python 2:
# head -1 /usr/lib/nagios/plugins/check_univention_ssl_certificate
#!/usr/bin/python2.7

In the static configuration I also don't see a bytestring:
# grep check_univention_ssl_certificate /usr/share/nagios-plugins/templates-univention/univention.cfg
        command_line    /usr/lib/nagios/plugins/check_univention_ssl_certificate -w $ARG1$ -c $ARG2$

Did you install Install UCS 4.4 and upgrade to UCS 5.0 or did you do a new installation of UCS 5.0?
The initial comment speaks about a mixed 4.4 and 5.0 environment. What is your exact setup?
Comment 3 riess82 2021-11-10 09:10:16 CET 
I have installed a fresh 5.0 primary and added a 4.4 member server for nagios.

On the 5.0 system, for example /etc/nagios/nrpe.univention.d/UNIVENTION_SSL.cfg contains command[UNIVENTION_SSL]=b'/usr/lib/nagios/plugins/check_univention_ssl_certificate -w 40 -c 20'

Update: my manual changes were reverted by some process just a moment ago. Now nagios fails again.
Comment 4 Florian Best univentionstaff 2021-11-10 09:58:26 CET 
OK, thank you!
A patch for the problem is:

diff --git nagios/univention-nagios/nagios-client.py nagios/univention-nagios/nagios-client.py
index cb7d41548e..c2ee30d3a7 100644
--- nagios/univention-nagios/nagios-client.py
+++ nagios/univention-nagios/nagios-client.py
@@ -117,7 +117,7 @@ def writeConfig(fqdn, new):
                fp.write('#          automatisch ueberschrieben. Bitte benutzen Sie\n')
                fp.write('#          stattdessen den Univention Directory Manager.\n')
                fp.write('\n')
-               fp.write('command[%s]=%s\n' % (name, cmdline))
+               fp.write('command[%s]=%s\n' % (name, cmdline.decode('UTF-8')))
                fp.close()
 
                univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, 'NAGIOS-CLIENT: service %s written' % name)

The file on the System is: /usr/lib/univention-directory-listener/system/nagios-client.py
Comment 5 riess82 2021-11-10 09:59:41 CET 
tyvm
Comment 6 riess82 2021-11-10 10:33:16 CET 
quick question: how do I force the cfg-files to be re-written?
Comment 7 Florian Best univentionstaff 2021-11-10 10:34:11 CET 
Fixed in Merge Request: https://git.knut.univention.de/univention/ucs/-/merge_requests/162
Comment 8 Florian Best univentionstaff 2021-11-10 10:35:10 CET 
(In reply to riess82 from comment #6)
> quick question: how do I force the cfg-files to be re-written?

univention-directory-listener-ctrl resync nagios-client
Comment 10 Florian Best univentionstaff 2022-05-03 18:41:51 CEST 
The listener has been adjusted so it works again with Python 3.
During package update all configuration files are rewritten.

univention-nagios.yaml
e5538070952f | YAML Bug #53681

univention-nagios (13.0.2-6)
87aa9890d7a8 | Bug #53681: rewrite broken configuration files
a8ed314ab5a9 | Bug #53681: shorten univention.debug
2f8341df7661 | Bug #53681: use listener.SetUID(0)
8ea50ac7d07f | Bug #53681: fix nagios-client.py listener Python 3 compatibility
Comment 11 Julia Bremer univentionstaff 2022-05-09 08:35:30 CEST 
OK: Config written correctly
OK: Config rewritten on update
OK: Cleanups

REOPEN: YAML
[FAIL] changes.valid: Mismatching binary package version: 13.0.2-5A~5.0.0.202112211458 != univention-nagios-client-dbgsym 13.0.2-6A~5.0.0.202205061557 from univention-nagios 13.0.2-6A~5.0.0.202205061557
Comment 12 Florian Best univentionstaff 2022-05-09 17:22:01 CEST 
univention-nagios.yaml
d6cc4aa05d82 | YAML Bug #53681
Comment 13 Julia Bremer univentionstaff 2022-05-09 18:52:40 CEST 
Ok
First Last Prev Next    This bug is not in your last search results.