nrpe2, as installed by its port, runs as uid nagios and gid nagios once initialized. However, its pid file is written to /var/spool/nagios owned by root:wheel. When exiting, it can't remove its pidfile due to EPERM. Later it can refuse to start e.g. if the pid from the stale pidfile was taken by an unrelated process. Fix: Chown ${NAGIOSDIR} to nagios:nagios after creating it in the do-install target using whatever port.mk magic it takes now. How-To-Repeat: Just reboot a system with nrpe2 enabled. See errors logged and nrpe not start. May 22 19:26:57 nocproj nrpe[955]: Caught SIGTERM - shutting down... May 22 19:26:57 nocproj nrpe[955]: Cannot remove pidfile '/var/spool/nagios/nrpe2.pid' - check your privileges. May 22 19:26:57 nocproj nrpe[955]: Daemon shutdown May 22 19:31:54 nocproj nrpe[1014]: Starting up daemon May 22 19:31:54 nocproj nrpe[1014]: There's already an NRPE server running (PID 955). Bailing out...
Responsible Changed From-To: freebsd-ports-bugs->yar Submitter has GNATS access (via the GNATS Auto Assign Tool)
Maintainer of net-mgmt/nrpe2, Please note that PR ports/168225 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/168225 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
I will double check this tomorrow but a cursory glance at the Makefile suggests that the permissions on the spool directly should be set when the post-install target runs. The port needs a little cleaning as it is still using the old-style user creation process; bringing this in to line with the main Nagios port may resolve the disconnect between port vs. package installation. Let me reproduce the error first and we can go from there. Thanks! Jarrod.
Hi Jarrod, On Tue, May 22, 2012 at 9:40 PM, Jarrod Sayers <jarrod@downtools.com.au> wr= ote: > > =A0I will double check this tomorrow but a cursory glance at the Makefile > =A0suggests that the permissions on the spool directly should be set when= the > =A0post-install target runs. =A0The port needs a little cleaning as it is= still > =A0using the old-style user creation process; bringing this in to line wi= th > =A0the main Nagios port may resolve the disconnect between port vs. packa= ge > =A0installation. > > =A0Let me reproduce the error first and we can go from there. =A0Thanks! Just to shed a bit more light on the problem, the code in the pkg-install script doesn't seem to run for some reason: If it had run, /var/spool/nagios would have been mode 775 owned by nagios:nagios, but in reality that directory ends up mode 755 owned by root:wheel, probably just as created by ${MKDIR} from the Makefile. Yar
On Tue, 22 May 2012, Yar Tikhiy wrote: > Just to shed a bit more light on the problem, the code in the > pkg-install script doesn't seem to run for some reason: If it had run, > /var/spool/nagios would have been mode 775 owned by nagios:nagios, but > in reality that directory ends up mode 755 owned by root:wheel, probably > just as created by ${MKDIR} from the Makefile. The script is running but the reason the permissions are not being set is due to the [ testing the presence of the spool directory. As the do-install target creates the directory, the POST-INSTALL part of the install script never runs as it is expecting the directory not to exist. In the interim, the simplest way to resolve this is to remove lines 75 (the if) and 79 (the fi) from ports/net-mgmt/nrpe2/files/pkg-install.in. I will look to clean this up during the week or weekend but you have my okay to remove the two above lines for a more immediate fix. Thanks again for picking that up, I suspect it has been like that for a while now. Jarrod.
On Tue, May 22, 2012 at 10:12 PM, Jarrod Sayers <jarrod@downtools.com.au> w= rote: > On Tue, 22 May 2012, Yar Tikhiy wrote: >> >> Just to shed a bit more light on the problem, the code in the pkg-instal= l >> script doesn't seem to run for some reason: If it had run, /var/spool/na= gios >> would have been mode 775 owned by nagios:nagios, but in reality that >> directory ends up mode 755 owned by root:wheel, probably just as created= by >> ${MKDIR} from the Makefile. > > > The script is running but the reason the permissions are not being set is > due to the [ testing the presence of the spool directory. =A0As the do-in= stall > target creates the directory, the POST-INSTALL part of the install script > never runs as it is expecting the directory not to exist. Yep, that's what I meant: the script might be running but the mkdir / chmod / chown block was ineffective. > In the interim, the simplest way to resolve this is to remove lines 75 (t= he > if) and 79 (the fi) from ports/net-mgmt/nrpe2/files/pkg-install.in. I wil= l > look to clean this up during the week or weekend but you have my okay to > remove the two above lines for a more immediate fix. By the way, do you think it can be a good idea to handle the creation and initialization of the spool dir just in one place, be it the Makefile or pkg-install.in? > Thanks again for picking that up, I suspect it has been like that for a > while now. Thank you for looking into this! Yar
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Storing pid-files in other directories than /var/run is IMHO generally a bad idea. In our environment we solved this issue by simply changing /usr/local/etc/nrpe.conf from pid_file=/var/spool/nagios/nrpe2.pid to pid_file=/var/run/nagios/nrpe2.pid In addition we modified our build environment (/etc/make.conf): ... # nrpe (nagios client) .if ${.CURDIR} == "${PORTSDIR}/net-mgmt/nrpe2" NAGIOSDIR=/var/run/nagios .endif ... After rebuilding and reinstalling nrpe, everything works as expected. Further, this port seems to need a little cleanup, as already mentioned in this PR. HTH. - -- Regards Alfred Bartsch Data-Service GmbH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+8soEACgkQ5QGe2JdVf3igLQCfY0iYOsNUuENX+JZr2lv6yZVm 2g0AoKKMNihJiDvDnWt3hTIJ/hll4vqt =cUvK -----END PGP SIGNATURE-----
State Changed From-To: feedback->open over to the pool (with bugmeister approval). I have not verified this still a problem
Responsible Changed From-To: yar->freebsd-bugs over to the pool (with bugmeister approval). I have not verified this still a problem
Responsible Changed From-To: freebsd-bugs->tj I'll take it.
Hi, Extreme apologies to Yar, I'd told him I'd deal with this, but somehow it slipped my mind while preparing for my vacation :( The correct fix is to create a /var/run subdirectory owned by nagios. I've also taken the liberty of using sh idioms to speed up the script's parsing rather than calling [ processes, and a few other nits. *** NOT TESTED!!! *** Please bear in mind that this directory creation must be done in the rc script, not pkg-install as /var/run is not guaranteed to persist across reboots. Chris http://www.bayofrum.net/~crees/patches/nrpe2-pidfile.diff
Responsible Changed From-To: tj->crees tj has graciously suggested that I look after this since I supplied a patch.
State Changed From-To: open->feedback Mind if I commit this Jarrod?
On Sat, 8 Sep 2012, crees@FreeBSD.org wrote: > Mind if I commit this Jarrod? The patch looks okay, that is an interesting way to create directory. If the PID file location is to be changed then I would have expected that the POST-INSTALL also be removed from files/pkg-install.in as well as some tweaks to pkg-plist to clean up the directory creation. The do-install target will also continue to create the old directory if installed locally - installation from a package will not. Not something pointyhat would find immediately however. Jarrod.
Good point. I think that the /var/spool/nrpe2 is still OK to be created; other stuff goes in there. I've just modified the localstatedir line in the Makefile to point to the new location (new patch below). Please would you test the rc script, as I'm not an nrpe2 user? It shouldn't need much; if it starts & stops OK that's enough testing for this patch. Chris http://www.bayofrum.net/~crees/patches/nrpe2-pidfile2.diff
State Changed From-To: feedback->closed Committed. Thanks!
Author: crees Date: Wed Sep 12 20:57:27 2012 New Revision: 304163 URL: http://svn.freebsd.org/changeset/ports/304163 Log: Improve rc script handling of pidfile, and do a few optimisations PR: ports/168225 Submitted by: yar (based on) While here, copy over default config file on install Modified: head/net-mgmt/nrpe2/Makefile head/net-mgmt/nrpe2/files/nrpe2.in head/net-mgmt/nrpe2/pkg-plist Modified: head/net-mgmt/nrpe2/Makefile ============================================================================== --- head/net-mgmt/nrpe2/Makefile Wed Sep 12 20:39:39 2012 (r304162) +++ head/net-mgmt/nrpe2/Makefile Wed Sep 12 20:57:27 2012 (r304163) @@ -74,7 +74,7 @@ CONFIGURE_ARGS+= --disable-command-args .endif post-patch: - @${REINPLACE_CMD} -e 's#/var/run/nrpe.pid#@localstatedir@/nrpe2.pid#g' \ + @${REINPLACE_CMD} -e 's#/var/run/nrpe.pid#/var/run/nrpe2/nrpe2.pid#g' \ -e 's#/usr/lib/nagios/plugins/#${LOCALBASE}/libexec/nagios/#g' \ -e 's#/usr/bin/sudo#${LOCALBASE}/bin/sudo#g' \ ${WRKSRC}/sample-config/nrpe.cfg.in @@ -90,6 +90,8 @@ do-install: post-install: @${SH} ${PKGINSTALL} ${DISTNAME} POST-INSTALL + @[ -f ${PREFIX}/etc/nrpe.cfg ] || \ + ${CP} -p ${PREFIX}/etc/nrpe.cfg-sample ${PREFIX}/etc/nrpe.cfg @${CAT} ${PKGMESSAGE} .include <bsd.port.post.mk> Modified: head/net-mgmt/nrpe2/files/nrpe2.in ============================================================================== --- head/net-mgmt/nrpe2/files/nrpe2.in Wed Sep 12 20:39:39 2012 (r304162) +++ head/net-mgmt/nrpe2/files/nrpe2.in Wed Sep 12 20:57:27 2012 (r304163) @@ -21,20 +21,18 @@ name="nrpe2" rcvar=nrpe2_enable +: ${nrpe2_enable=NO} +: ${nrpe2_configfile=%%PREFIX%%/etc/nrpe.cfg} +pidfile=${nrpe2_pidfile:-/var/run/nrpe2/nrpe2.pid} + command="%%PREFIX%%/sbin/nrpe2" command_args="-d" extra_commands="reload" - +start_precmd="install -d -o ${nrpe_user:-nagios} ${pidfile%/*}" sig_reload=HUP -[ -z "${nrpe2_enable}" ] && nrpe2_enable="NO" -[ -z "${nrpe2_configfile}" ] && nrpe2_configfile="%%PREFIX%%/etc/nrpe.cfg" -[ -z "${nrpe2_pidfile}" ] && nrpe2_pidfile="%%NAGIOSDIR%%/nrpe2.pid" - load_rc_config "${name}" -pidfile="${nrpe2_pidfile}" - required_files="${nrpe2_configfile}" command_args="${command_args} -c ${nrpe2_configfile}" Modified: head/net-mgmt/nrpe2/pkg-plist ============================================================================== --- head/net-mgmt/nrpe2/pkg-plist Wed Sep 12 20:39:39 2012 (r304162) +++ head/net-mgmt/nrpe2/pkg-plist Wed Sep 12 20:57:27 2012 (r304163) @@ -1,4 +1,6 @@ +@unexec cmp -s %D/etc/nrpe.cfg-sample %D/etc/nrpe.cfg && rm %D/etc/nrpe.cfg || true etc/nrpe.cfg-sample +@exec test -f %B/nrpe.cfg || cp -p %D/%F %B/nrpe.cfg libexec/nagios/check_nrpe2 @dirrmtry libexec/nagios sbin/nrpe2 _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"