Bug 27043 - Nagios check for LDAP determines the IP via host
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Monitoring (Prometheus or Nagios)
Version: UCS 4.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.0-2-errata
Assigned To: Felix Botner
QA Contact: Philipp Hahn
Blocks: 42474
Reported: 2012-05-08 16:40 CEST by Tim Petersen
Modified: 2016-09-22 13:58 CEST (History)
Description Tim Petersen univentionstaff 2012-05-08 16:40:33 CEST
Noticed in ticket #2012050821001217:

The Nagios check "check_univention_ldap" determines the host's IP as follows:
IP="$(LC_ALL=C host "$hostname"|head -n1|LC_ALL=C cut -d' ' -f4)"

That is unattractive, at least in the error case. If, for example, name resolution does not work, the "IP" here is "found:" because of the error message from host.

The corresponding Nagios message is then:
"Could not connect to the server at port 7389"

Perhaps determining the IP could also be solved more elegantly in the first place.
Alternatively, this should be caught and reported accordingly.
Comment 1 Michael Grandjean univentionstaff 2014-10-20 14:47:21 CEST
This is quite annoying if UDP doesn't work for name resolution. The 'host' command then tries TCP instead (which is good), but this lets UNIVENTION_LDAP_AUTH (check_univention_ldap) fail:

> root@ucs2:~# host ucs2
> ;; Truncated, retrying in TCP mode.
> ucs2.fqdn.tld has address 172.16.0.12

In this case the variable "IP" of "check_univention_ldap" becomes "in":

> /usr/lib/nagios/plugins/check_ldap -H in ...
> Could not bind to the LDAP server
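
Added example, not part of the bug thread and not Univention's code: it reproduces the two failure modes described above on sample `host` output and shows one way to catch them, as the description suggests. `OUT_TCP` is the output quoted in comment 1; `OUT_OK`, `OUT_NX` and the helpers `is_ipv4`, `robust_ip` and `resolve_or_unknown` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. OUT_TCP is the output quoted in comment 1; OUT_OK and
# OUT_NX are constructed samples of what `host` prints.
OUT_OK='ucs2.fqdn.tld has address 172.16.0.12'
OUT_TCP=';; Truncated, retrying in TCP mode.
ucs2.fqdn.tld has address 172.16.0.12'
OUT_NX='Host ucs2 not found: 3(NXDOMAIN)'

# The extraction from the report: 4th space-separated field of line 1.
fragile_ip() {
    printf '%s\n' "$1" | head -n1 | LC_ALL=C cut -d' ' -f4
}

# Hypothetical helper: succeed only for a dotted-quad IPv4 address.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Hypothetical helper: take the address from the first "has address"
# line, wherever it is, and fail unless it validates.
robust_ip() {
    ip=$(printf '%s\n' "$1" |
        LC_ALL=C awk '$2 == "has" && $3 == "address" { print $4; exit }')
    is_ipv4 "$ip" && printf '%s\n' "$ip"
}

# Plugin-style wrapper: a resolution failure becomes Nagios UNKNOWN (3)
# instead of a bogus -H argument and a misleading connect error.
resolve_or_unknown() {
    if addr=$(robust_ip "$1"); then
        echo "OK: would run check_ldap -H $addr"; return 0
    fi
    echo "UNKNOWN: cannot resolve LDAP server address"; return 3
}

for sample in "$OUT_OK" "$OUT_TCP" "$OUT_NX"; do
    printf 'fragile=%s robust=%s\n' "$(fragile_ip "$sample")" \
        "$(robust_ip "$sample" || echo none)"
done
```

The fix that was later shipped (comment 4) avoids the lookup altogether by using the server's FQDN.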
Comment 2 Janis Meybohm univentionstaff 2015-05-04 11:10:02 CEST
(In reply to Michael Grandjean from comment #1)
> > root@ucs2:~# host ucs2
> > ;; Truncated, retrying in TCP mode.
> > ucs2.fqdn.tld has address 172.16.0.12
> 
> In this case the variable "IP" of "check_univention_ldap" becomes "in":
> 
> > /usr/lib/nagios/plugins/check_ldap -H in ...
> > Could not bind to the LDAP server


Customer reported that one again via 2015043021000217.
Comment 3 Michael Grandjean univentionstaff 2015-06-19 10:28:57 CEST
Still true for UCS 4.0
Comment 4 Felix Botner univentionstaff 2015-06-25 16:09:56 CEST
YAML: 2015-06-25-univention-nagios.yaml

check_univention_ldap now uses the FQDN of the server for the check. Every UCS system has its own ip/name in /etc/hosts. So, dns issues should be ruled out.
Comment 5 Stefan Gohmann univentionstaff 2015-06-27 20:33:48 CEST
(In reply to Felix Botner from comment #4)
> YAML: 2015-06-25-univention-nagios.yaml

Please change it to 4.0-2 only.
Comment 6 Philipp Hahn univentionstaff 2015-07-01 10:49:34 CEST
OK: r61489
FYI: Missing `uniupdatecopyright`

OK: aptitude -y install '?source-package(^univention-nagios$)~i'
OK: zless /usr/share/doc/univention-nagios-common/changelog.Debian.gz
OK: /usr/lib/nagios/plugins/check_univention_ldap
OK: service bind9 stop;/usr/lib/nagios/plugins/check_univention_ldap
OK: amd64 i386

(In reply to Stefan Gohmann from comment #5)
> Please change it to 4.0-2 only.

FIXED: 2015-06-25-univention-nagios.yaml r61586
OK: errata-announce -V 2015-06-25-univention-nagios.yaml


RFC: # apt-cache rdepends univention-nagios-client
...  univention-server-member
Should "ldap/server/name" be checked instead of "hostname", as a Member-Server has no local LDAP server?

FYI: The check is currently only enabled for DCs:
30univention-nagios-client.inst:102 # add ldap check only on role "domaincontroler_*"
Comment 7 Janek Walkenhorst univentionstaff 2015-07-03 14:06:59 CEST
<http://errata.univention.de/ucs/4.0/226.html>