Last week I posted on how to setup NRPE on Mac OS X Server. Here is what you need to do to make it start up at system boot.
On a Linux or Solaris machine you can just include the call to the daemon in an init script like rc.local and it will be started when the OS boots. Unfortunately, Apple has made this a little more difficult on Mac OS X with Tiger and Leopard. The standard startup processes (cron, inetd, xinetd, etc.) have been rolled into a single process known as launchd.
The first step is to create a symbolic link to the NRPE config file from the default location to the root of the NRPE directory.
- cd /usr/local/nagios/
- ln -s etc/nrpe.cfg nrpe.cfg
The next setp is to ensure that the NRPE daemon will be able to connect with Nagios server. There are two ways to do this. One way is to add a line to the /etc/services file to allow for an open port for NRPE. The second way is to open the port as part of the launchd process.
Method One – edit the /etc/services file
- cd /etc/
- sudo vi /etc/services
- add the following line to the end of the file:
5666/tcp # Nagios NRPE client
Method Two – use the launchd process
This method involves including a dictionary key into the launchd plist file that sets the socket type and port number for the NRPE service to use for listening. The plist code is shown below:
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SockServiceName</key>
<string>5666</string>
<key>SockType</key>
<string>stream</string>
<key>SockFamily</key>
<string>IPv4</string>
</dict>
</dict>
The rest of setting up the plist is required to make the process work. Here is a copy of my entire plist:
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>KeepAlive</key>
<dict>
<key>NetworkState</key>
<true/>
</dict>
<key>UserName</key>
<string>nagios</string>
<key>GroupName</key>
<string>nagios</string>
<key>Program</key>
<string>/usr/local/nagios/bin/nrpe</string>
<key>ProgramArguments</key>
<array>
<string>-c</string>
<string>/usr/local/nagios/etc/nrpe.cfg</string>
<string>-i</string>
</array>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SockServiceName</key>
<string>5666</string>
<key>SockType</key>
<string>stream</string>
<key>SockFamily</key>
<string>IPv4</string>
</dict>
</dict>
<key>inetdCompatibility</key>
<dict>
<key>Wait</key>
<false/>
</dict>
<key>Label</key>
<string>org.nagios.nrpe</string>
</dict>
</plist>
Copy the above code into a text file and name it nrpe.plist and copy it into the /Library/LaunchDaemons/ directory. You can manually start the service by executing the following commands:
- sudo launchctl load /Library/LaunchDaemons/nrpe.plist
- sudo launchctl start org.nagios.nrpe
Thank you, thank you, thank you, for this and your previous post.
I had been trying to install NRPE through MacPorts but whoever is keeping up that package isn’t doing a very good job.
Pingback: Checking OS X services using Nagios
This plist will fail to launch nrpe if you don’t have a nagios user/group. You’ll get errors like this in /var/log/system.log and /var/log/asl.log:
[Message org.nagios.nrpe: getpwnam("nagios") failed]
[Message org.nagios.nrpe: getgrnam("nagios") failed]
You’ll need to edit the plist and change the appropriate group and user names.
I also added the following section based on some info I found on the web – I don’t know if it’s really needed or not:
WorkingDirectory
/usr/local/nrpe/
I originally added it right above the first ProgramArguments but launchctl has moved it down to just above inetdCompatibility
To see if you were able to sucessfully load this plist and to verify that nrpe is running, executee “launchctl list” and look for the string org.nagios.nrpe
HTH,
JW
http://jwadmin.blogspot.com
JW,
You are correct that the user and group of nagios would be required. However since I followed the install method that we use on our Solaris machines this wasn’t a problem. I just created the user and group.
As for the WorkingDirectory section, I tried this and it didn’t successfully work on my installations. Which is why I created the symbolic link for the config file as well as specifying the complete path to the binary.
You can also tell whether the plist worked successfully by watching the console for error messages. All you get from the list of loaded launch processes is whether it is running or not. The console messages actually give you error messages that you can use for debug.
HTH,
Andy
Andy,
I’ve followed your instructions but when i these entries in my sys log when trying to check
org.nagios.nrpe[422]: launchproxy[422]: /oac/sfw/nagios/bin/nrpe: Connection from: 140.x.x.xx on port: 49593
Have you seen these errors before?
Running 10.5.6
-jak
Sorry for the typo…trigger finger hit send before i finished writing..
Andy,
I’ve followed your instructions but when i connect on my nagios server i get these entries in my system.log file.
org.nagios.nrpe[422]: launchproxy[422]: /oac/sfw/nagios/bin/nrpe: Connection from: 140.x.x.xx on port: 49593
launchproxy[446]: execv(): Permission denied
Command from server:
./check_nrpe -H testmachine -c check_disk_general
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
Have you seen these message before?
Thanks,
-jak
@jak
I am assuming that you tested the NRPE plugin setup on the OS X server first before attempting the launchd process correct?
You should make sure that the plugin itself is working before automating the startup.
Also, you might want to check the firewall on the client machine to ensure that the connection will make it through.
Andy
Great job. Thanks your.
Hi,
thanks for your script.
After installing and starting it via launchctl (checking config and nrpe path before), I got the following error message:
nrpe[9711]: Config file ‘//nrpe.cfg’ contained errors, aborting…
But the config path is correct definied in the plist.
Any ideas, why this is not working. My server ist running on MacOSX 10.4.x
Thanks,
André
Andre;
I had a similar problem. I created a sym-link:
ln -a $nrpe_home/etc/nrpe.cfg /nrpe.cfg
That seems to have worked for me. Your mileage may vary.
peace
I meant
ln -s $nrpe_home/etc /nrpe.cfg
My iPhone, for some reason, auto-corrected to “-a”.
Sorry for any confusion.
ln -s $nrpe_home/etc/nrpe.cfg /nrpe.cfg
…and many thanx for the plist file, arfore.
i found out you don’t need the link unter / if you add -n to the launch array like this:
…
-n
-c
/opt/nagios/etc/nrpe.cfg
-i
…
greets
hugo
This worked for me:
cd /etc
ln -s /usr/local/nagios/etc/nrpe.cfg .
I keep getting the error:
Config file ‘//nrpe.cfg’ contained errors, aborting…
I’ve tried all the suggestions by putting ln -s for:
/etc/nrpe.cfg
/users/nagios/nrpe.cfg
nothing seems to help.
yet it works fine in standalone….
I had all of the same problems with Config file ‘//nrpe.cfg’ contained errors, aborting…
This was in OSXServer 10.5.8 …
… was able to get it to work by symlinking nrpe.cfg to the root directory …
… but a better fix was to change the launchd plist file from:
Program
/usr/local/nagios/bin/nrpe
ProgramArguments
-c
/usr/local/nagios/etc/nrpe.cfg
-i
to:
ProgramArguments
/usr/local/nagios/bin/nrpe
-c
/usr/local/nagios/etc/nrpe.cfg
-i
For some reason, the Program argument in the original .plist was preventing the ProgramArguments from being sent … so the cause of the” ‘//nrpe.cfg’ contained errors, aborting…” message was that the config file location was not being sent to the daemon, and nrpe had no path to find the config file at other than “/”
Hope that helps. This may be specific to higher versions of 10.5 server …
Rob,
This may be a working fix, however according to the documentation provided by Apple, this should not be necessary.
Providing the name of the daemon as the first item in the ProgramArguments array is a fallback for not listing the daemon as the string in the Program key.
Andy
Hi Andy: I know your plist was right according to the documentation, but it took many hours of experimentation to discover that the only way I could get it to work was to use the ProgramArguments only. Who knows why.
Thanks very much for your tutorials … very helpful.
Thx you very much,
but my mac doesn’t work. I have the problem, if i want the check_nrpe -H localhost i get the message
check_nrpe error could not complete ssl handshake
what is wrong? i have the mac server 10.6 thxxx
Configure nrpe with the option
./configure –disable-ssl
make all
and it will work. Just had the same problem here with ssl-handshake and this solved it for me.
Thanks for this great tutorial.
Thank you very much for your help and setup on this, due to changes in the OS I too had to tweak my .plist file, but wanted to ask the folks here who got this to work; Do you have many, many instances of nrpe loaded in your launchctl list?
I believe I may have done something wrong in my plist, but can’t be certain.
Thanks in advance!
Hello Thu,
Here’s the link to the site that helped me sort out the problem that you’re encountering. As with any Nagios setup you’re going to spend a bit of (very rewarding) time getting the tweaks right. Good luck!
http://ubuntuforums.org/archive/index.php/t-498435.html
John
Hi all. I had similar problems under Mac OSX Server 10.6
I always encountered this error:
check_nrpe error could not complete ssl handshake
After checking the error log I noticed that the daemon crashed (and was restarted by launchd) every time a nagios would try to connect. That’s why it couldn’t complete the SSL handshake.
I solved this in 2 steps:
- I chowned the /var/run/nrpe.pid file to the nagios user (in my case “nagios”)
- in the plist I changed the -d with -i (meaning that nrpe should run as service, instead of standalone daemon)
that was it. I hope this helps !
I too am having the same issues. I really couldn’t get it working based on John’s examples… Anyone else having this problem? Anyone have a fix?
I too am having the same issues as Thu. I really couldn’t get it working based on John’s examples… Anyone else having this problem? Anyone have a fix?
Pingback: Plagiarism, flattery and the Internet