using Openstack based model, nrpe relation gets the floating IP but connects via fixed IP
Bug #1827703 reported by
Xav Paice
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| NRPE Charm |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
I have two models on Openstack, both are in the same project, and same controller. Using a cross model relation, I have related nrpe on model1 to Nagios on model2. The Nagios host has a floating IP address, the machines in model1 (nrpe) do not.
When I added the relation, two of the three machines got the fixed IP of the Nagios host added to their nrpe.cfg. The third got the floating IP address of the Nagios host, which is not the source address for the Nagios nrpe query and therefore was denied.
I'm raising this against nrpe and Nagios charms as I can't quite tell which relation needs to change.
Related branches
~aurelien-lourot/charm-nrpe/+git/nrpe-charm:bug/1827703
- Jeremy Lounder (community): Approve
- Giuseppe Petralia: Approve
-
Diff: 33 lines (+12/-3)1 file modifiedhooks/nrpe_helpers.py (+12/-3)
| no longer affects: | nagios-charm |
| Changed in nrpe-charm: | |
| status: | New → In Progress |
| assignee: | nobody → Aurelien Lourot (aurelien-lourot) |
| importance: | Undecided → Medium |
Revision history for this message
| Aurelien Lourot (aurelien-lourot) wrote | #1 |
| Changed in nrpe-charm: | |
| status: | In Progress → Fix Committed |
| assignee: | Aurelien Lourot (aurelien-lourot) → nobody |
| Changed in charm-nrpe: | |
| status: | Fix Committed → Fix Released |
| milestone: | none → 20.05 |
To post a comment you must log in.
NRPE needs to allow/whitelist Nagios' floating IP address as it is the address by which NRPE will see incoming connections. From NRPE's perspective this address would be the "egress address" (see https:/
From NRPE's perspective, `network-get --egress-subnets` returns a list of subnets for incoming connections from Nagios. Some of these subnets might be /32 subnets (i.e. addresses) but some may not, so we need to support all cases.
In the end we have to write all these subnets and addresses in the `allowed_hosts` NRPE settings:
https:/
For all versions of NRPEs that we use (2.15 to 3.2.1) these settings support both addresses and subnets.
Here is where we write these settings: https:/