NRPE Charm

Conntrack check does not work in LXD containers

Bug #1673064 reported by Sandor Zeestraten
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
NRPE Charm
Fix Released
Medium
Paul Gear

Bug Description

Juju 2.1.1
MAAS 2.1.3

Deploying NRPE rev. 13 to monitor the latest stable OpenStack charms (all but ceph-mon and ceph-osd) with Nagios rev. 15 ends up as critical with the status "NRPE: Unable to read output"
Other checks are all OK.

Running the local check_conntrack.sh on the unit results in the following output:

ubuntu@juju-1fabb0-0-lxd-0:/etc/nagios/nrpe.d$ /usr/local/lib/nagios/plugins/check_conntrack.sh -w 80 -c 90
sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_max: No such file or directory
sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_count: No such file or directory
/usr/local/lib/nagios/plugins/check_conntrack.sh: 50: /usr/local/lib/nagios/plugins/check_conntrack.sh: arithmetic expression: division by zero: "current * 100 / max"

Is there a way to disable the check?

See original description
Tags: landscape

Related branches

~paulgear/charm-nrpe/+git/nrpe-charm:master
Haw Loeung: Approve
Diff: 52 lines (+16/-6)
2 files modified
files/plugins/check_conntrack.sh (+10/-2)
hooks/nrpe_helpers.py (+6/-4)
Sandor Zeestraten (szeestraten)
description: updated
David Britton (dpb)
Changed in nrpe-charm:
status: New → Confirmed
importance: Undecided → Medium
David Britton (dpb)
tags: added: landscape
Revision history for this message
Paul Gear (paulgear) wrote :

I think the check should automatically detect when it should not apply (in this case, inside a container where /proc/sys/net/netfilter/nf_conntrack_{count,max} do not exist) and return an appropriate value. My initial inclination is to return 3 (UNKNOWN), with a second preference of 0 (OK). Do you have any thoughts/preferences regarding this?

Revision history for this message
Paul Gear (paulgear) wrote :

I've implemented a tentative fix for both returning UNKNOWN if the check can't determine the correct values, and for allowing manual disabling of checks by setting their configuration to the empty string at https://code.launchpad.net/~paulgear/nrpe-charm/+git/nrpe-charm/+merge/322170

This is untested at present; I'll report back with further info when I've had a chance to test.

Haw Loeung (hloeung)
Changed in nrpe-charm:
assignee: nobody → Paul Gear (paulgear)
status: Confirmed → In Progress
Paul Gear (paulgear)
summary: - Conntrack checks do not work
+ Conntrack check does not work in LXD containers
Revision history for this message
Fairbanks. (fairbanks) wrote :

@paulgear i have tested those changes on a large system, and it works very good.
Also the empty cmd_params is very nice, it removes the check totally from nagios.

With this i can deploy 2 sets of nrpe charms, one for bare-metal and one for lxd containers.
I say, push it to the charm-store so we can deploy ;)

Revision history for this message
Nobuto Murata (nobuto) wrote :

I found this and tested the attached branch. It works for me. It looks like the attached branch was approved but not (yet) merged. Is there any blocker to release it in the charm store?

Revision history for this message
Paul Gear (paulgear) wrote :

I've done some further light testing, fixed a minor issue, and pushed the result to cs:~nrpe-charmers/nrpe-8; I've requested promulgation to cs:nrpe, which hopefully will happen in the next day or so. Please note that due to bugs #1629127 and #1687348, existing installations will need manual cleanup of old checks in /etc/nagios/nrpe.d/.

Changed in nrpe-charm:
status: In Progress → Fix Committed
Revision history for this message
Paul Gear (paulgear) wrote :

Updated version released as https://jujucharms.com/nrpe/17 now.

Changed in nrpe-charm:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.