nrpe reports ssl issues on focal

Bug #1983986 reported by Arif Ali
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Nagios Charm | Fix Released | Undecided | Unassigned |
nagios-nrpe (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

We have many cloud deployments showing this particular issue. We were also able to reproduce this issue in the lab environment using [1].

In the lab environment:

~~~
cd ~/stsstack-bundles/openstack

./generate-bundle.sh \
  --run \
  -n lma-focal \
  -s focal \
  --use-stable-charms \
  --overlay-network-type gre \
  --create-model \
  --num-compute 1 \
  --nagios \
  --lma
~~~

After a moment, and once everything settles, we can log in to keystone/0, and we will start to see the following messages occurring at ~30s intervals:

~~~
Aug 8 16:04:59 juju-8d5724-lma-focal-5 nrpe[51760]: Error: (use_ssl == true): Request packet version was invalid!
Aug 8 16:04:59 juju-8d5724-lma-focal-5 nrpe[51760]: Could not read request from client 10.5.3.37, bailing out...
Aug 8 16:04:59 juju-8d5724-lma-focal-5 nrpe[51760]: INFO: SSL Socket Shutdown.
~~~

[1] https://github.com/canonical/stsstack-bundles

Tags: sts

Paul Goins (vultaire) wrote:

Also reproduced in a simpler way, avoiding the need to do even a minimal OpenStack deploy:

~~~
# Assuming focal controller and a new model
juju deploy nagios
juju deploy ubuntu
juju deploy nrpe
juju add-relation nagios:monitors nrpe:monitors
juju add-relation ubuntu:juju-info nrpe
~~~

Paul Goins (vultaire) wrote:

On Focal, this appears to be caused by this section:

~~~
if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_4) {
        logit(LOG_ERR, "Error: (use_ssl == true): Request packet version was invalid!");
        return -1;
}
~~~

On Bionic, it was checking against version 2 and 3; on Focal, it's checking version 2 and 4, but not 3. Considering code later down which effectively is now unreachable, this feels like a bug introduced with newer versions of NRPE distributed with Focal.

Paul Goins (vultaire) wrote:

Added the Ubuntu nagios-nrpe package as being affected by this bug.

In short: if you have a Bionic-based nagios talking to a Focal-based nrpe, the version 3 packets from nagios will cause error messages to be continually logged for nrpe. The code on the NRPE side appears to be intended for versions 2 through 4, but a specific check was likely updated incorrectly when adding version 4 support, breaking version 3 support in NRPE.
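
An added illustration of the version check discussed in the comments above (not part of the bug report and not NRPE's own code): it puts the quoted condition beside a hypothetical inclusive check for versions 2 through 4, run over constructed header bytes. The helper names, the numeric values of the constants, and the assumption that the version is the first big-endian 16-bit field of the request are illustrative.

```c
#include <stddef.h>
#include <stdio.h>

/* Values assumed to match NRPE's constants of the same names. */
#define NRPE_PACKET_VERSION_2 2
#define NRPE_PACKET_VERSION_3 3
#define NRPE_PACKET_VERSION_4 4

/* Read the version from the first two bytes (big-endian) of a request.
 * Returns -1 if the buffer is missing or too short to hold the field. */
int packet_version(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < 2)
        return -1;
    return (buf[0] << 8) | buf[1];
}

/* The condition as quoted in the comment above: version 3 is not listed. */
int accepted_by_quoted_check(int packet_ver)
{
    if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_4)
        return 0;
    return 1;
}

/* Hypothetical inclusive check covering versions 2 through 4. */
int accepted_by_range_check(int packet_ver)
{
    return packet_ver >= NRPE_PACKET_VERSION_2 && packet_ver <= NRPE_PACKET_VERSION_4;
}

int main(void)
{
    /* Constructed samples: only the two version bytes of each header. */
    const unsigned char samples[][2] = { {0, 1}, {0, 2}, {0, 3}, {0, 4}, {0, 5} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = packet_version(samples[i], sizeof samples[i]);
        printf("version %d: quoted check %s, range check %s\n", v,
               accepted_by_quoted_check(v) ? "accept" : "reject",
               accepted_by_range_check(v) ? "accept" : "reject");
    }
    return 0;
}
```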

Launchpad Janitor (janitor) wrote:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nagios-nrpe (Ubuntu):
status: New → Confirmed
Arif Ali (arif-ali)
Changed in nagios-nrpe (Ubuntu):
status: Confirmed → Fix Released
Changed in charm-nagios:
milestone: none → 23.01
status: New → Fix Released