sudeephb
commented
11 months ago (by afreiberger) Workaround:
juju run -a
Open sudeephb opened 11 months ago
sudeephb
commented
11 months ago (by afreiberger) Workaround:
juju run -a
sudeephb
commented
11 months ago (by vultaire) I had a similar issue occur with etcd NRPE alerts. Same script, but different directory.
Traceback (most recent call last):
File "/usr/lib/nagios/plugins/check_etcd-alarms.py", line 5, in
I would extend Drew's tweak as follows, to address the extra path, as well as the path from which the charm seems to do an rsync:
juju run -a
sudeephb
commented
11 months ago (by marcusboden) I ran into the issue as well. After applying Paul's fix, I still had some issues with missing read permissions: ls -l /usr/local/lib/nagios/plugins/ total 188 -rwxr-x--x 1 root root 2465 May 25 21:22 check_arp_cache.py -rwxr-xr-x 1 root root 5591 May 25 21:22 check_cis_audit.py -rwxr-x--x 1 root root 1974 May 25 21:22 check_conntrack.sh -rwxr-xr-x 1 root root 1431 May 25 21:22 check_cpu_governor.py -rwxr-x--x 1 root root 5721 May 25 21:22 check_exit_status.pl -rwxr-xr-x 1 root root 2341 May 25 20:08 check_hw_health_cron_output.py -rwxr-xr-x 1 root root 994 May 25 20:08 check_ipmi.py -rwxr-xr-x 1 root root 40212 May 25 20:08 check_ipmi_sensor -rwxr-xr-x 1 root root 4783 May 25 21:22 check_lacp_bond.py -rwxr-xr-x 1 root root 15111 May 25 21:22 check_mem.pl -rwxr-xr-x 1 root root 4025 May 25 21:22 check_netlinks.py -rwxr-xr-x 1 root root 1135 May 25 21:22 check_netns.sh -rwxr-xr-x 1 root root 2694 May 25 20:00 check_ntpmon.py -rwxr-xr-x 1 root root 2746 May 25 21:22 check_reboot.py -rwxr-x--x 1 root root 2400 May 25 21:22 check_ro_filesystem.py -rwxr-xr-x 1 root root 1997 May 25 21:22 check_status_file.py -rwxr-x--x 1 root root 2169 May 25 21:22 check_swap_activity -rwxr-x--x 1 root root 1467 May 25 21:22 check_systemd.py -rwxr-xr-x 1 root root 5212 May 25 21:22 check_systemd_scopes.py -rwxr-x--x 1 root root 2651 May 25 21:22 check_upstart_job -rwxr-x--x 1 root root 1338 May 25 21:22 check_xfs_errors.py -rwxr-xr-x 1 root root 4268 May 25 21:22 cron_cis_audit.py -rwxr-xr-x 1 root root 5955 May 25 20:09 cron_ilorest.py -rwxr-xr-x 1 root root 2159 May 25 20:09 cron_ipmi_sensors.py -rwxr-xr-x 1 root root 11479 May 25 20:08 hw_health_lib.py -rw-r--r-- 1 root root 2275 May 25 21:22 nagios_plugin3.py drwxr-xr-x 2 root root 4096 May 25 20:09 pycache
The same was true for the files in /var/lib/juju/agents/unit-nrpe*/charm/files.
I ran on the units find /usr/local/lib/nagios/plugins/ -not -perm -o=r -exec chmod o+r {} \; to fix it.
During an NRPE charm upgrade to charmhub version 75 on a bionic endpoint, we experienced 'NRPE: Unable to read output' errors in Nagios.
Trying to run the failing check resulted in the following dump:
Traceback (most recent call last): File "/usr/local/lib/nagios/plugins/check_lacp_bond.py", line 14, in
from nagios_plugin3 import CriticalError, WarnError, try_check
File "", line 971, in _find_and_load
File "", line 955, in _find_and_load_unlocked
File "", line 665, in _load_unlocked
File "", line 674, in exec_module
File "", line 780, in get_code
File "", line 832, in get_data
PermissionError: [Errno 13] Permission denied: '/usr/local/lib/nagios/plugins/nagios_plugin3.py'
When looking at /usr/local/lib/nagios/plugins/nagios_plugin3.py, we found the owner was root:root and permissions were 640, meaning user nagios could not read the module for import.
When I checked the code in the main branch, it appears that the permissions of the source file are correctly set as 664, and the code uses shutil.copy2() to attempt to preserve permissions.
There may be an issue with CIS hardening that denies this attribute preservation, so the charm should hard-code the expected resulting file permissions within the nrpe_utils.py code that writes the file.
Imported from Launchpad using lp2gh.
date created: 2022-03-10T20:51:23Z
owner: afreiberger
assignee: None
the launchpad url