Bug 1470684
Summary: | NRPE stopped working using SSL | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Timo Schoeler <timo> |
Component: | nrpe | Assignee: | Stephen John Smoogen <smooge> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 26 | CC: | athmanem, b.heden, jose.p.oliveira.oss, kmf, ondrejj, redhat, smooge, smooge, s, swilkerson, timo |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nrpe-3.2.0-3.fc26 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-09 15:53:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Timo Schoeler
2017-07-13 12:57:03 UTC
Please try the version in testing which may fix the issue or give more information on the problem. One of the issues that has come up is that older nrpe clients are trying to talk SSL which current openssl no longer supports. The only fix for that is updating the client. Updated to Name : nrpe Version : 3.1.1 Release : 6.fc26 Arch : x86_64 Size : 337 k Source : nrpe-3.1.1-6.fc26.src.rpm Repo : @System From repo : updates-testing Problem is persistent. Our icinga2 server is running FreeBSD and OpenSSL 1.0.2l. F25 had OpenSSL 1.0.2k-fips 26 Jan 2017, while F26 features OpenSSL 1.1.0f-fips 25 May 2017 – my first assumption was that due to the major change here something went south. Ok my first check would be to see if the client can talk to itself. I notice the clients are in FIPS mode. Is that by need, design or accident? [The reason is that FIPS lowers the number of available algorithms and what they can talk to.] If it is done on purpose, how are you doing it so I can try to replicate? Thanks. OK talking with upstream shows it is going to take basically going to 3.2.1 to get openssl 1.1.0f fully functional. I will work on packaging that up and put it in a repo for you to test/work. Thanks a lot for your reply. Sorry for not answering you in a timely manner, I was out of office. Best regards Timo Regarding FIPS: All vanilla here. nrpe-3.2.0-1git.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-487a01f0be This should be fixed in the updates-testing in a day or 2. nrpe-3.2.0-2git.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b30a5177e7 nrpe-3.2.0-2git.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b30a5177e7 Thanks a lot, Stephen! That solved the issue. Best regards Timo nrpe-3.2.0-3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-47d1a274d4 nrpe-3.2.0-3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-47d1a274d4 *** Bug 1478997 has been marked as a duplicate of this bug. *** Works well. Please put this to stable, because current stable version is not working. # nagios server dnf --enablerepo updates-testing update nagios-plugins-nrpe\* systemctl restart nagios # nrpe hosts dnf --enablerepo updates-testing update nrpe\* systemctl restart nrpe nrpe-3.2.0-3.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. |