Univention Bugzilla – Bug 53681
broken Nagios client configuration since UCS 5.0
Last modified: 2022-05-11 17:52:28 CEST
steps to reproduce: Environment installed with UCS 5, Nagios Server installed on 4.4-8 DC-Slave from App Center. UCRV "nagios/client/allowedhosts" set on all systems to allow queries from Nagios on DC-Slave. Result: Beside NTP and PING all checks fail permanently. for UCS 4.4 client: (Nagios Host): Status CRITICAL "NRPE: Command "UNIVENTION_*" not defined for UCS 5.0 clients: (tested with Primary and Backup): Status UNKNOWN "NRPE: Unable to read output" Expected result according documentation: An installation of Nagios on a 4.4 Server in a UCS 5 domain should work without additional steps.
I had originally posted in the help forum, but found the solution myself just now. In 4.4, a command looked like this: command[UNIVENTION_SSL]=/usr/lib/nagios/plugins/check_univention_ssl_certificate -w 40 -c 20 In 5.0, the command is defined as a bytes literal and does not work: command[UNIVENTION_SSL]=b'/usr/lib/nagios/plugins/check_univention_ssl_certificate -w 40 -c 20' Good news: manually changing the command back to its old form and restarting the nagios service on the client helps. Bad news: manually doing this on multiple servers for all services is tedious work. Would be great if someone could fix this in the next upcoming release, probably its just a small change in the code.
Thank you for the feedback. I still don't see where you are seeing and setting the bytestrings? # udm nagios/service list --filter cn=UNIVENTION_SSL cn=UNIVENTION_SSL DN: cn=UNIVENTION_SSL,cn=nagios,l=school,l=dev checkCommand: check_univention_sslcert The check script itself contains the program and is still Python 2: # head -1 /usr/lib/nagios/plugins/check_univention_ssl_certificate #!/usr/bin/python2.7 In the static configuration I also don't see a bytestring: # grep check_univention_ssl_certificate /usr/share/nagios-plugins/templates-univention/univention.cfg command_line /usr/lib/nagios/plugins/check_univention_ssl_certificate -w $ARG1$ -c $ARG2$ Did you install Install UCS 4.4 and upgrade to UCS 5.0 or did you do a new installation of UCS 5.0? The initial comment speaks about a mixed 4.4 and 5.0 environment. What is your exact setup?
I have installed a fresh 5.0 primary and added a 4.4 member server for nagios. On the 5.0 system, for example /etc/nagios/nrpe.univention.d/UNIVENTION_SSL.cfg contains command[UNIVENTION_SSL]=b'/usr/lib/nagios/plugins/check_univention_ssl_certificate -w 40 -c 20' Update: my manual changes were reverted by some process just a moment ago. Now nagios fails again.
OK, thank you! A patch for the problem is: diff --git nagios/univention-nagios/nagios-client.py nagios/univention-nagios/nagios-client.py index cb7d41548e..c2ee30d3a7 100644 --- nagios/univention-nagios/nagios-client.py +++ nagios/univention-nagios/nagios-client.py @@ -117,7 +117,7 @@ def writeConfig(fqdn, new): fp.write('# automatisch ueberschrieben. Bitte benutzen Sie\n') fp.write('# stattdessen den Univention Directory Manager.\n') fp.write('\n') - fp.write('command[%s]=%s\n' % (name, cmdline)) + fp.write('command[%s]=%s\n' % (name, cmdline.decode('UTF-8'))) fp.close() univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, 'NAGIOS-CLIENT: service %s written' % name) The file on the System is: /usr/lib/univention-directory-listener/system/nagios-client.py
tyvm
quick question: how do I force the cfg-files to be re-written?
Fixed in Merge Request: https://git.knut.univention.de/univention/ucs/-/merge_requests/162
(In reply to riess82 from comment #6) > quick question: how do I force the cfg-files to be re-written? univention-directory-listener-ctrl resync nagios-client
The listener has been adjusted so it works again with Python 3. During package update all configuration files are rewritten. univention-nagios.yaml e5538070952f | YAML Bug #53681 univention-nagios (13.0.2-6) 87aa9890d7a8 | Bug #53681: rewrite broken configuration files a8ed314ab5a9 | Bug #53681: shorten univention.debug 2f8341df7661 | Bug #53681: use listener.SetUID(0) 8ea50ac7d07f | Bug #53681: fix nagios-client.py listener Python 3 compatibility
OK: Config written correctly OK: Config rewritten on update OK: Cleanups REOPEN: YAML [FAIL] changes.valid: Mismatching binary package version: 13.0.2-5A~5.0.0.202112211458 != univention-nagios-client-dbgsym 13.0.2-6A~5.0.0.202205061557 from univention-nagios 13.0.2-6A~5.0.0.202205061557
univention-nagios.yaml d6cc4aa05d82 | YAML Bug #53681
Ok
<https://errata.software-univention.de/#/?erratum=5.0x304>