Univention Bugzilla – Full Text Bug Listing |
Summary: | NRPE complains about allowed_hosts hostname as invalid IPv6 address | ||
---|---|---|---|
Product: | UCS | Reporter: | Michael Grandjean <grandjean> |
Component: | Monitoring (Prometheus or Nagios) | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann |
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=24512 | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Michael Grandjean
2017-04-23 21:23:15 CEST
The log message is harmless, but ipv6 in nrpe-server is broken currently: -> more /etc/nagios/nrpe.cfg| grep allowed_hosts= allowed_hosts=master.w2k12.test -> host master.w2k12.test master.w2k12.test has address 10.200.7.150 master.w2k12.test has IPv6 address 2001:4dd0:ff00:8c42:ff07::150 -> /usr/lib/nagios/plugins/check_nrpe -H 2001:4dd0:ff00:8c42:ff07::150 -c UNIVENTION_DNS CHECK_NRPE: Error - Could not complete SSL handshake. -> journalctl -f Host 2001:4dd0:ff00:8c42:ff07::150 is not allowed to talk to us! -> /usr/lib/nagios/plugins/check_nrpe -H 10.200.7.150 -c UNIVENTION_DNS DNS OK: 0,014 seconds response time. www.univention.de returns 78.47.199.152|time=0,013934s;;;0,000000 -> journalctl -f Host address is in allowed_hosts so i guess nrpe does not work in ipv6 only environments Added a patch for nagios-nrpe based on https://github.com/NagiosEnterprises/nrpe/commit/1ac990954b7806d9cc92fa340808b29219e872a1: 005-ipv6-4.2-0-0-ucs/2.15-1-errata4.2-0is_an_allowed_host-fix.patch Changed one thing in is_an_allowed_host(): -if (!memcmp(&addr6.sin6_addr, &host, sizeof(addr6.sin6_addr))) +if (!memcmp(&addr6.sin6_addr, host, sizeof(addr6.sin6_addr))) The upstream version (&host) didn't work for me. Memcmp takes two pointers (int memcmp ( const void * ptr1, const void * ptr2, size_t num )) but the host variable at this point is already a pointer. nagios-nrpe-2.15/src/nrpe.c +1080 is_an_allowed_host(AF_INET6, (void *)&(nptr6->sin6_addr)) so no need for '&' here (or?) errata4.2-0: nagios-nrpe.yaml Tests: OK Advisory: OK |