Bug 1291718 - nagios 4.0.8 fails to start with "Error: Failed to initialize query handler" (bind() failed: No such file or directory)
Summary: nagios 4.0.8 fails to start with "Error: Failed to initialize query handler" ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: nagios
Version: epel7
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Scott Wilkerson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-12-15 13:45 UTC by Lenz Grimmer
Modified: 2016-07-31 20:27 UTC (History)
12 users (show)

Fixed In Version: nagios-4.0.8-2.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-01-21 04:39:07 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Lenz Grimmer 2015-12-15 13:45:25 UTC 
Description of problem:

nagios 4.0.8 from EPEL7 fails to start, as it can't create the socket file /var/log/nagios/rw/nagios.qh due to permission issues.

There are two reasons for this, this bug report will explain the first one.
I'll submit a second report that covers the second problem that can occur.

The directory /var/log/nagios/rw/ does not exist and nagios does not seem to be able to create it.

How to repeat:

[root@centospkgtest ~]# cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 
[root@centospkgtest ~]# yum list nagios
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: artfiles.org
 * epel: epel.besthosting.ua
 * extras: artfiles.org
 * updates: centos.arlionprojects.com
Installed Packages
nagios.x86_64                         4.0.8-1.el7                          @epel
[root@centospkgtest ~]# setenforce Permissive
[root@centospkgtest ~]# getenforce 
Permissive
[root@centospkgtest ~]# systemctl start nagios
[root@centospkgtest ~]# systemctl status nagios
● nagios.service - Nagios Network Monitoring
   Loaded: loaded (/usr/lib/systemd/system/nagios.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2015-12-15 14:28:06 CET; 6s ago
     Docs: http://www.nagios.org/documentation
  Process: 1426 ExecStart=/usr/sbin/nagios /etc/nagios/nagios.cfg (code=exited, status=1/FAILURE)
  Process: 1424 ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg (code=exited, status=0/SUCCESS)
 Main PID: 1426 (code=exited, status=1/FAILURE)

Dec 15 14:28:06 centospkgtest systemd[1]: Starting Nagios Network Monitoring...
Dec 15 14:28:06 centospkgtest systemd[1]: Started Nagios Network Monitoring.
Dec 15 14:28:06 centospkgtest systemd[1]: nagios.service: main process exite...E
Dec 15 14:28:06 centospkgtest systemd[1]: Unit nagios.service entered failed....
Dec 15 14:28:06 centospkgtest systemd[1]: nagios.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centospkgtest ~]# cat /var/log/nagios/nagios.log 
[1450186086] Nagios 4.0.8 starting... (PID=1426)
[1450186086] Local time is Tue Dec 15 14:28:06 CET 2015
[1450186086] LOG VERSION: 2.0
[1450186086] qh: Failed to init socket '/var/log/nagios/rw/nagios.qh'. bind() failed: No such file or directory
[1450186086] Error: Failed to initialize query handler. Aborting
[root@centospkgtest ~]# install -d -m 755 -o nagios -g nagios /var/log/nagios/rw
[root@centospkgtest ~]# ls -ld /var/log/nagios/rw
drwxr-xr-x. 2 nagios nagios 6 Dec 15 14:28 /var/log/nagios/rw
[root@centospkgtest ~]# rm /var/log/nagios/nagios.log
[root@centospkgtest ~]# systemctl start nagios[root@centospkgtest ~]# systemctl status nagios● nagios.service - Nagios Network Monitoring
   Loaded: loaded (/usr/lib/systemd/system/nagios.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2015-12-15 14:29:10 CET; 3s ago
     Docs: http://www.nagios.org/documentation
  Process: 1440 ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg (code=exited, status=0/SUCCESS)
 Main PID: 1441 (nagios)
   CGroup: /system.slice/nagios.service
           ├─1441 /usr/sbin/nagios /etc/nagios/nagios.cfg
           ├─1443 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh
           ├─1444 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh
           ├─1445 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh
           ├─1446 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh
           ├─1447 /usr/sbin/nagios /etc/nagios/nagios.cfg
           ├─1448 /usr/lib64/nagios/plugins/check_ping -H 127.0.0.1 -w 3000.0...
           └─1449 /usr/bin/ping -n -U -w 30 -c 5 127.0.0.1

Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Successfully registered m...r
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...5
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...3
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...6
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...4
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...3
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...6
Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...4
Dec 15 14:29:11 centospkgtest nagios[1441]: Successfully launched command fi...7
Dec 15 14:29:11 centospkgtest nagios[1441]: Successfully launched command fi...7
Hint: Some lines were ellipsized, use -l to show in full.
[root@centospkgtest ~]# cat /var/log/nagios/nagios.log
[1450186150] Nagios 4.0.8 starting... (PID=1441)
[1450186150] Local time is Tue Dec 15 14:29:10 CET 2015
[1450186150] LOG VERSION: 2.0
[1450186150] qh: Socket '/var/log/nagios/rw/nagios.qh' successfully initialized
[1450186150] qh: core query handler registered
[1450186150] nerd: Channel hostchecks registered successfully
[1450186150] nerd: Channel servicechecks registered successfully
[1450186150] nerd: Channel opathchecks registered successfully
[1450186150] nerd: Fully initialized and ready to rock!
[1450186150] wproc: Successfully registered manager as @wproc with query handler
[1450186150] wproc: Registry request: name=Core Worker 1445;pid=1445
[1450186150] wproc: Registry request: name=Core Worker 1443;pid=1443
[1450186150] wproc: Registry request: name=Core Worker 1446;pid=1446
[1450186150] wproc: Registry request: name=Core Worker 1444;pid=1444
[1450186151] Successfully launched command file worker with pid 1447

Manually creating /var/log/nagios/rw allows the socket to be created, at least if SELinux is disabled (see my other bug report about this).

However, I wonder if /var/log is the appropriate location for a socket file.

Shouldn't this rather be put unter /var/run/nagios then?

I'd suggest to change the value of "query_socket" in /etc/nagios/nagios.cfg to "/var/run/nagios/nagios.qh" instead - this directory is already created by /usr/lib/tmpfiles.d/nagios.conf by default.
Comment 1 Lenz Grimmer 2015-12-15 14:05:57 UTC 
See BUG#1291734 for the second issue related to creating the socket file if SELinux is enabled. I suggest fixing this bug first, once the socket location has been decided, the SELinux policy should be updated accordingly.
Comment 2 Fedora Update System 2015-12-30 02:27:46 UTC 
nagios-4.0.8-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-eed09b5974
Comment 3 Jan ONDREJ 2015-12-31 09:01:37 UTC 
Hello. Looking at patch in EPEL git:

+#!!!! This avc is allowed in the current policy
+allow nagios_t nagios_spool_t:sock_file { write create unlink };
+#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
+allow nagios_t self:unix_stream_socket connectto;

Do you think, that ...

1. these comments should be part of patch?

2. it's a good idea to modify settings, which can be set by selinux booleans?

3. selinux settings should go into nagios main package instead of nagios-selinux?

4. selinux policy updates should be a part of nagios\*src.rpm, instead of selinux-policy package? May be all of above comments are irrelevant and this bug should be reported against selinux-policy package, instead of nagios package.

Because there are changes in nagios after udpate to v4, there are required changes in selinux policy. But because nagios module is a part of upstream selinux-policy-contrib, there is no need to add another module to nagios package, but it's better to fix this in selinux-policy package.

Please, consider removaol of this patch and update and change component of this but to selinux-policy.
Comment 4 Lenz Grimmer 2015-12-31 22:33:31 UTC 
I agree that this should probably be fixed in selinux-policy instead.
Comment 5 Fedora Update System 2016-01-01 04:20:55 UTC 
nagios-4.0.8-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-eed09b5974
Comment 6 Van Lee 2016-01-07 19:43:29 UTC 
To resolve this problem in CentOS, I'm create a directory /var/log/nagios/rw that not exist and apply permission to user that have access. My case is 'nagios'.

mkdir /var/log/nagios/rw
chmod 777 /var/log/nagios/rw

And resolve all your problems.
:-)
Comment 7 Lenz Grimmer 2016-01-08 08:56:56 UTC 
Van: I'm aware that this problem can be solved by manually creating /var/log/nagios/rw (as I wrote in the initial report). The point is, I should not have to do that myself, the RPM package should create all the necessary directories itself.
Comment 8 Fedora Update System 2016-01-21 04:38:51 UTC 
nagios-4.0.8-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.