Created attachment 1087122 [details] patch nrpe initscript to check pid file for status/killproc calls Description of problem: When running nrpe as a standalone service, the default nrpe configuration file places the pid in pid_file=/var/run/nrpe/nrpe.pid However, the initscript does not check the pid file when calling status/killproc and simply looks for the process 'nrpe' running in the process table. This causes a race-condition when using the initscript to test the status service, causing it to falsely believe nrpe is started using the initscript when it may not be -- ie. when started by xinetd. Version-Release number of selected component (if applicable): 2.15-7.el6 How reproducible: Consistently Steps to Reproduce: 1. Configure xinetd to front nrpe and not from initscript 2. Create a long-running nrpe check. I used: 'command[really_long_check]=/bin/sleep 9' 3. Continuously run "check_nrpe -H <hostname> -c really_long_check" 4. Test service status using initscript Actual results: 'service nrpe status' returns something like: nrpe (pid 4807 4806) is running... Expected results: 'service nrpe status' should return: nrpe is stopped Additional info: It looks like this can be solved by adding '-p /var/run/nrpe/nrpe.pid' to calls to the 'status' and 'killproc' functions inside the initscript. patch attached.
This issue also causes the nrpe init script to kill all other nrpe processes on the host. At TDC Hosting we have our own nrpe package which is completely separated from other nrpe's which we use for our purposes. This allows us to let customers install nrpe from epel etc. But now the epel nrpe will kill our nrpe upon stop and restart because of the pid file issue described above. Pls fix.
nrpe-3.0.1-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b64fc8eec9
nrpe-3.0.1-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b64fc8eec9
nrpe-3.0.1-4.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-16f636413b
nrpe-3.0.1-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7d833d4735
nrpe-3.0.1-4.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-16f636413b
nrpe-3.0.1-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7d833d4735
nrpe-3.1.0-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4b4962389a
nrpe-3.1.0-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6efc362080
nrpe-3.1.0-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6efc362080
nrpe-3.1.0-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d67b84547b
nrpe-3.1.0-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2c0b443f54
I have tested nrpe-3.1.0-2.el6.x86_64 on RedHat 6.9 with our own nrpe running also. The new EPEL provided nrpe no longer stops our nrpe when using /etc/init.d/nrpe stop. So this is good. I do notice that I am unable to start the EPEL nrpe with sudo /etc/init.d/nrpe start. It reports OK but silently fails to start. If I run sudo /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d it silently fails to start. If I run sudo strace -f /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d it starts but does not tell me anything is weird or broken. Seems a bit bad and weird to me.
@Sven thanks for testing. I am not able to replicate the crash on my 6.9 CentOS box or RHEL6 box. Could you see if there is an selinux issue on your box? If not could you attach the strace so I can try to figure out what might be causing it. Thanks
SELinux is completely disabled. I am unable to give an strace where it fails since it works when I run with strace.
Tested a bit more. If I run sudo -b strace -f -o /tmp/muh /etc/init.d/nrpe start nrpe starts [tdchsve@puprh6v01]~% ps ax|grep nrpe 13184 ? Ss 0:00 /prod/nagios/sbin/nrpe -c /prod/nagios/etc/nrpe.cfg -d -n 21277 pts/0 S 0:00 sudo -b strace -f -o /tmp/muh /etc/init.d/nrpe start 21278 pts/2 Ss+ 0:00 sudo -b strace -f -o /tmp/muh /etc/init.d/nrpe start 21279 pts/2 S 0:00 strace -f -o /tmp/muh /etc/init.d/nrpe start 21292 ? Ss 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d 21433 pts/0 S+ 0:00 grep nrpe But notice how the sudo strace is still running. The last bits from the /tmp/muh file are: 21292 fcntl(4, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 21292 setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 21292 bind(4, {sa_family=AF_INET, sin_port=htons(5666), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 21292 listen(4, 5) = 0 21292 sendto(3, "<30>May 4 15:57:18 nrpe[21292]:"..., 71, MSG_NOSIGNAL, NULL, 0) = 71 21292 socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = -1 EAFNOSUPPORT (Address family not supported by protocol) 21292 sendto(3, "<27>May 4 15:57:18 nrpe[21292]:"..., 81, MSG_NOSIGNAL, NULL, 0) = 81 21292 sendto(3, "<30>May 4 15:57:18 nrpe[21292]:"..., 71, MSG_NOSIGNAL, NULL, 0) = 71 21292 sendto(3, "<30>May 4 15:57:18 nrpe[21292]:"..., 70, MSG_NOSIGNAL, NULL, 0) = 70 21292 select(5, [4], NULL, NULL, NULL Quick guess. The daemonizing of nrpe is not done correctly.
Thank you for the updates. I ran into the opposite problem with a new system with 3.1.0-2 installed. It starts but won't restart or stop the process. [You said this earlier] The new EPEL provided nrpe no longer stops our nrpe when using /etc/init.d/nrpe stop. So this is good. I am confused.. the whole purpose of /etc/init.d/nrpe is to stop the process so that is not good. [That problem is caused because I set the /var/run/nrpe/nrpe.pid to be the start pid but the script goes to /var/run/nrpe.pid] I also realized I have been dealing with EL7 and above for too long and forgot that rhel-6 uses sh scripts to start the program and should have told you to run via sh -x. Looking at the output, I think the problem may be that you are running 2 versions of nrpe at the same time: 13184 ? Ss 0:00 /prod/nagios/sbin/nrpe -c /prod/nagios/etc/nrpe.cfg -d -n would conflict with the /usr/sbin/nrpe in many cases.
nrpe-3.1.0-3.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-928f1e8448
It is correct that we have two versions of nrpe on the same host. Our own version 2.15 which we compile so it does not interfere with other nrpe's. Thus it has its own pid file called tdchnrpe.pid. It lives in /prod/nagios. It runs on its own port and uses its own user/uid which we have chosen so it does not conflict with anything else. The issue I have report was that the EPEL provided nrpe killed ALL running nrpe's which is wrong. The EPEL provided nrpe ran ps ax|grep nrpe to find nrpe's or used killall nrpe (cannot remember the specifics) which caused it to kill our nrpe upon stop. The new package fixes that and only kills the EPEL nrpe. So far so good. We are happy. The other thing I reported is that it seems the EPEL nrpe does not work well with sudo which is most likely due to not closing all fd's when forking as a daemon. I agree that this is a different issue and that the original issues has been fixed.
nrpe-3.1.0-3.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-928f1e8448
Thank you for your patience. I believe I have a fix for this to try in all the releases later today.
nrpe-3.1.1-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-69a58c7a69
nrpe-3.1.1-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-eb24165ee1
nrpe-3.1.1-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-be117b53a8
nrpe-3.1.1-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92879f40b9
nrpe-3.1.1-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f37341bbab
nrpe-3.1.1-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92879f40b9
nrpe-3.1.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f37341bbab
nrpe-3.1.1-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-be117b53a8
nrpe-3.1.1-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-eb24165ee1
nrpe-3.1.1-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-69a58c7a69
nrpe-3.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
nrpe-3.1.1-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
nrpe-3.1.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
nrpe-3.1.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
nrpe-3.1.1-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.