Bug 1291718

Summary: nagios 4.0.8 fails to start with "Error: Failed to initialize query handler" (bind() failed: No such file or directory)
Product: [Fedora] Fedora EPEL Reporter: Lenz Grimmer <lenz>
Component: nagiosAssignee: Scott Wilkerson <swilkerson>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: affix, aron, cfeller, jose.p.oliveira.oss, lemenkov, mail, nb, ondrejj, shawn.starr, s, swilkerson, vanlee.araujo
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: nagios-4.0.8-2.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-21 04:39:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Lenz Grimmer 2015-12-15 13:45:25 UTC
Description of problem:

nagios 4.0.8 from EPEL7 fails to start, as it can't create the socket file /var/log/nagios/rw/nagios.qh due to permission issues.

There are two reasons for this, this bug report will explain the first one.
I'll submit a second report that covers the second problem that can occur.

The directory /var/log/nagios/rw/ does not exist and nagios does not seem to be able to create it.

How to repeat:

[root@centospkgtest ~]# cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 
[root@centospkgtest ~]# yum list nagios
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: artfiles.org
 * epel: epel.besthosting.ua
 * extras: artfiles.org
 * updates: centos.arlionprojects.com
Installed Packages
nagios.x86_64                         4.0.8-1.el7                          @epel
[root@centospkgtest ~]# setenforce Permissive
[root@centospkgtest ~]# getenforce 
Permissive
[root@centospkgtest ~]# systemctl start nagios
[root@centospkgtest ~]# systemctl status nagios
● nagios.service - Nagios Network Monitoring
   Loaded: loaded (/usr/lib/systemd/system/nagios.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2015-12-15 14:28:06 CET; 6s ago
     Docs: http://www.nagios.org/documentation
  Process: 1426 ExecStart=/usr/sbin/nagios /etc/nagios/nagios.cfg (code=exited, status=1/FAILURE)
  Process: 1424 ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg (code=exited, status=0/SUCCESS)
 Main PID: 1426 (code=exited, status=1/FAILURE)

Dec 15 14:28:06 centospkgtest systemd[1]: Starting Nagios Network Monitoring...
Dec 15 14:28:06 centospkgtest systemd[1]: Started Nagios Network Monitoring.
Dec 15 14:28:06 centospkgtest systemd[1]: nagios.service: main process exite...E
Dec 15 14:28:06 centospkgtest systemd[1]: Unit nagios.service entered failed....
Dec 15 14:28:06 centospkgtest systemd[1]: nagios.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centospkgtest ~]# cat /var/log/nagios/nagios.log 
[1450186086] Nagios 4.0.8 starting... (PID=1426)
[1450186086] Local time is Tue Dec 15 14:28:06 CET 2015
[1450186086] LOG VERSION: 2.0
[1450186086] qh: Failed to init socket '/var/log/nagios/rw/nagios.qh'. bind() failed: No such file or directory
[1450186086] Error: Failed to initialize query handler. Aborting
[root@centospkgtest ~]# install -d -m 755 -o nagios -g nagios /var/log/nagios/rw
[root@centospkgtest ~]# ls -ld /var/log/nagios/rw
drwxr-xr-x. 2 nagios nagios 6 Dec 15 14:28 /var/log/nagios/rw
[root@centospkgtest ~]# rm /var/log/nagios/nagios.log
[root@centospkgtest ~]# systemctl start nagios[root@centospkgtest ~]# systemctl status nagios● nagios.service - Nagios Network Monitoring
   Loaded: loaded (/usr/lib/systemd/system/nagios.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2015-12-15 14:29:10 CET; 3s ago
     Docs: http://www.nagios.org/documentation
  Process: 1440 ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg (code=exited, status=0/SUCCESS)
 Main PID: 1441 (nagios)
   CGroup: /system.slice/nagios.service
           ├─1441 /usr/sbin/nagios /etc/nagios/nagios.cfg
           ├─1443 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh
           ├─1444 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh
           ├─1445 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh
           ├─1446 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh
           ├─1447 /usr/sbin/nagios /etc/nagios/nagios.cfg
           ├─1448 /usr/lib64/nagios/plugins/check_ping -H 127.0.0.1 -w 3000.0...
           └─1449 /usr/bin/ping -n -U -w 30 -c 5 127.0.0.1

Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Successfully registered m...r
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...5
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...3
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...6
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...4
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...3
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...6
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...4
Dec 15 14:29:11 centospkgtest nagios[1441]: Successfully launched command fi...7
Dec 15 14:29:11 centospkgtest nagios[1441]: Successfully launched command fi...7
Hint: Some lines were ellipsized, use -l to show in full.
[root@centospkgtest ~]# cat /var/log/nagios/nagios.log
[1450186150] Nagios 4.0.8 starting... (PID=1441)
[1450186150] Local time is Tue Dec 15 14:29:10 CET 2015
[1450186150] LOG VERSION: 2.0
[1450186150] qh: Socket '/var/log/nagios/rw/nagios.qh' successfully initialized
[1450186150] qh: core query handler registered
[1450186150] nerd: Channel hostchecks registered successfully
[1450186150] nerd: Channel servicechecks registered successfully
[1450186150] nerd: Channel opathchecks registered successfully
[1450186150] nerd: Fully initialized and ready to rock!
[1450186150] wproc: Successfully registered manager as @wproc with query handler
[1450186150] wproc: Registry request: name=Core Worker 1445;pid=1445
[1450186150] wproc: Registry request: name=Core Worker 1443;pid=1443
[1450186150] wproc: Registry request: name=Core Worker 1446;pid=1446
[1450186150] wproc: Registry request: name=Core Worker 1444;pid=1444
[1450186151] Successfully launched command file worker with pid 1447

Manually creating /var/log/nagios/rw allows the socket to be created, at least if SELinux is disabled (see my other bug report about this).

However, I wonder if /var/log is the appropriate location for a socket file.

Shouldn't this rather be put unter /var/run/nagios then?

I'd suggest to change the value of "query_socket" in /etc/nagios/nagios.cfg to "/var/run/nagios/nagios.qh" instead - this directory is already created by /usr/lib/tmpfiles.d/nagios.conf by default.

Comment 1 Lenz Grimmer 2015-12-15 14:05:57 UTC
See BUG#1291734 for the second issue related to creating the socket file if SELinux is enabled. I suggest fixing this bug first, once the socket location has been decided, the SELinux policy should be updated accordingly.

Comment 2 Fedora Update System 2015-12-30 02:27:46 UTC
nagios-4.0.8-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-eed09b5974

Comment 3 Jan ONDREJ 2015-12-31 09:01:37 UTC
Hello. Looking at patch in EPEL git:

+#!!!! This avc is allowed in the current policy
+allow nagios_t nagios_spool_t:sock_file { write create unlink };
+#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
+allow nagios_t self:unix_stream_socket connectto;

Do you think, that ...

1. these comments should be part of patch?

2. it's a good idea to modify settings, which can be set by selinux booleans?

3. selinux settings should go into nagios main package instead of nagios-selinux?

4. selinux policy updates should be a part of nagios\*src.rpm, instead of selinux-policy package? May be all of above comments are irrelevant and this bug should be reported against selinux-policy package, instead of nagios package.

Because there are changes in nagios after udpate to v4, there are required changes in selinux policy. But because nagios module is a part of upstream selinux-policy-contrib, there is no need to add another module to nagios package, but it's better to fix this in selinux-policy package.

Please, consider removaol of this patch and update and change component of this but to selinux-policy.

Comment 4 Lenz Grimmer 2015-12-31 22:33:31 UTC
I agree that this should probably be fixed in selinux-policy instead.

Comment 5 Fedora Update System 2016-01-01 04:20:55 UTC
nagios-4.0.8-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-eed09b5974

Comment 6 Van Lee 2016-01-07 19:43:29 UTC
To resolve this problem in CentOS, I'm create a directory /var/log/nagios/rw that not exist and apply permission to user that have access. My case is 'nagios'.

mkdir /var/log/nagios/rw
chmod 777 /var/log/nagios/rw

And resolve all your problems.
:-)

Comment 7 Lenz Grimmer 2016-01-08 08:56:56 UTC
Van: I'm aware that this problem can be solved by manually creating /var/log/nagios/rw (as I wrote in the initial report). The point is, I should not have to do that myself, the RPM package should create all the necessary directories itself.

Comment 8 Fedora Update System 2016-01-21 04:38:51 UTC
nagios-4.0.8-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.