Bug 246914 - [NEW PORT] net-mgmt/nrpe4: Nagios Remote Plugin Executor version 4
Summary: [NEW PORT] net-mgmt/nrpe4: Nagios Remote Plugin Executor version 4
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL: https://github.com/NagiosEnterprises/...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-01 18:24 UTC by Michael Muenz
Modified: 2023-05-04 22:31 UTC (History)
7 users (show)

See Also:


Attachments
NRPEv4 (7.10 KB, text/plain)
2020-06-01 18:24 UTC, Michael Muenz
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Muenz 2020-06-01 18:24:18 UTC
Created attachment 215138 [details]
NRPEv4

New port for NRPE4. I found this port as nrpe3 is marked as outdated but there is no new version since 2017, as only v4 receives update. V4 also introduces TLS1.3 support.

I took the Makefile from nrpe3 and adjusted to newest version.

- portlint -A is happy
- poudriere builds fine on 12.1 64bit
- poudriere testport runs fine on 12.1 64bit
- pkg installs fine and nagios checks a handled correctly

I decided to add a new port since the existing port is labeld as nrpe3, and with nrpe4 you need to add an additional parameter to make it backward compatible (which would break existing setups).
Comment 1 Michael Muenz 2020-06-01 18:26:16 UTC
zeising@, sorry for adding you CC, but since you maintain nrpe3 maybe you want to have look.
Comment 2 Niclas Zeising freebsd_committer freebsd_triage 2020-06-01 19:26:28 UTC
(In reply to Michael Muenz from comment #1)

Don't apologize, it's ok to ask for help and reviews. :)

Is there anything in nrpe4 that breaks nrpe3 setups (I haven't looked myself).  Otherwise, it might make sense to simply update nrpe3 to this version (and rename it) rather than have both versions.  What do you think?
Comment 3 Michael Muenz 2020-06-02 04:53:06 UTC
I'm open for both options but it seems when nrpe v4 wants to contact an instance of nrpe v3 (like when when you update the package on the server and not the agents), you have to adjust the syntax to use v3 full backwards compatibility.

It should work [1] as the changelog for 4.0.0 states, but I can't test all scenarios.


[1]https://github.com/NagiosEnterprises/nrpe/blob/master/CHANGELOG.md
Comment 4 Niclas Zeising freebsd_committer freebsd_triage 2020-06-14 09:17:22 UTC
Sorry for sitting on this, I had forgot about it.
I believe the best way is to simply update nrpe to 4.0. If anyone still needs nrpe3, a separate port for that can be created.
Comment 5 Niclas Zeising freebsd_committer freebsd_triage 2020-08-13 16:40:15 UTC
Michael Muenz, are you OK with simply replacing NRPE3 with NRPE4?  Do you want to maintain NRPE4?
Comment 6 Michael Muenz 2020-08-24 14:57:25 UTC
Hi Niclas,

sorry for late reply, was on vacation. 

I'm not sure how this works since older port is called nrpe3. For me this sounds like creating a port "nrpe" and remove "nrpe3"? 

Again, I'm unsure if this breaks existing setups when nrpe3 will be upgraded to v4.

I can take maintainership if there are no concerns.

Best,
Michael
Comment 7 John W. O'Brien 2021-06-21 00:54:30 UTC
Thank you both for working on this.

Two minor items I have noticed so far while testing.

1.  In the event that both nrpe3 and nrpe4 appear in the ports tree concurrently, they will either need to be marked in CONFLICT with each other, or (perhaps better) their config files de-conflicted (sample, pkg-message, and rc script).

% pkg info -lF nrpe3-3.2.1.txz
nrpe3-3.2.1:
        /usr/local/share/licenses/nrpe3-3.2.1/catalog.mk
        /usr/local/share/licenses/nrpe3-3.2.1/LICENSE
        /usr/local/share/licenses/nrpe3-3.2.1/GPLv2+
        /usr/local/etc/nrpe.cfg.sample
        /usr/local/libexec/nagios/check_nrpe3
        /usr/local/sbin/nrpe3
        /usr/local/etc/rc.d/nrpe3
% pkg info -lF nrpe4-4.0.3.txz
nrpe4-4.0.3:
        /usr/local/share/licenses/nrpe4-4.0.3/catalog.mk
        /usr/local/share/licenses/nrpe4-4.0.3/LICENSE
        /usr/local/share/licenses/nrpe4-4.0.3/GPLv2
        /usr/local/etc/nrpe.cfg.sample
        /usr/local/libexec/nagios/check_nrpe4
        /usr/local/sbin/nrpe4
        /usr/local/etc/rc.d/nrpe4

2.  The config sample sets the PID location, which takes precedence over the port-configured default.

    pid_file=/var/nrpe.pid

However, when I comment this out, the pid file is not written to where I expect it to be. Curiously, I have been unable to find the pid file, but the rc script is still able to status and stop the running process. This may affect nrpe3 as well. I haven't checked.
Comment 8 Henrik Rosenke 2022-03-02 20:20:03 UTC
Hello,

yes this affects nrpe3 as well.
if commenting out the pid file, the default specified in /usr/local/etc/rc.d/nrpe3 doesnt work. Only works if set via nrpe.cfg. the default pid_file is dangerous because this sets /var to nagios:wheel.
Comment 9 Rene Ladan freebsd_committer freebsd_triage 2022-05-02 10:50:04 UTC
Maintainer reset.
Comment 10 Fabian Wenk 2022-05-22 20:35:48 UTC
I am monitoring some linux systems which have nrpe 4.0.x and on them the syslog gets below messages on each check, even if the check itself works fine:
May 22 19:30:18 examplehostname nrpe[27333]: Error: (use_ssl == true): Request packet version was invalid!
May 22 19:30:18 examplehostname nrpe[27333]: Could not read request from client 62.12.173.3, bailing out...
May 22 19:30:18 examplehostname nrpe[27333]: INFO: SSL Socket Shutdown.

Seems to be related to an issue with still using check_nrpe3 (3.2.1) from the Nagios server, see https://support.nagios.com/forum/viewtopic.php?t=59064

Would be really nice to have nrpe updated to the latest 4.0.3 release. I guess renaming the port to net-mgmt/nrpe is probably the best solution, as based on https://github.com/NagiosEnterprises/nrpe/releases it is still the same project. And based on the note at https://github.com/NagiosEnterprises/nrpe it is marked as "deprecated" and will only receive security fixes. So no big changes will happen in the future anyway.
Comment 11 Fabian Wenk 2022-05-22 21:07:05 UTC
(In reply to Fabian Wenk from comment #10)

I just discovered that when in the remote nrpe 4.0.x the config option 'disable_syslog=1' is set, the mention messages are not logged any more. But sure, this is more a workaround then a real solution.
Comment 12 Andrey Fesenko 2022-11-07 10:20:55 UTC
Confirm, net-mgmt/nrpe3 obsolete, and require set `-3` option.
nrpe support v4 protocol. if need update or portcommiter for this patch, i'm take this.
Comment 13 John W. O'Brien 2022-11-15 22:26:37 UTC
(In reply to Michael Muenz from comment #6)

> I can take maintainership if there are no concerns.

Now that net-mgmt/nrpe3 has no maintainer, perhaps the best way to get this moving again is to re-affirm your interest in becoming the maintainer.
Comment 14 Michael Muenz 2022-11-16 05:11:52 UTC
Sure :) Been a long time working on v4 but it isn't rocket science.

So you want to rename nrpe3 to nrpe or just add this port and timeout the version 3?
Comment 15 Fabian Wenk 2022-11-16 11:24:18 UTC
(In reply to Michael Muenz from comment #14)

As I have mention in my comment #10, renaming the port to just nrpe is probably a good solution.

But please also add a pkg-message file to notify users that they have to adjust their configuration:
When using the nrpe server the currently used nrpe3_enable= option in rc.conf needs to be changed. And on systems where the Nagios server is running, the command name in the corresponding command definition needs to be change from the currently used check_nrpe3 to probably check_nrpe4. Maybe also mention, that check_nrpe4 may need the -3 option for checking nrpe3 servers.
Comment 16 John W. O'Brien 2023-05-03 16:39:15 UTC
This bug appears to be OBE due to

https://cgit.freebsd.org/ports/commit/?id=55338de6ad307f8e296f41dd83ce7efa1d9918a8


commit 55338de6ad307f8e296f41dd83ce7efa1d9918a8
Author: Muhammad Moinur Rahman <bofh@FreeBSD.org>
Date:   Wed May 3 03:15:59 2023 +0200

    net-mgmt/nrpe: Resurrect port with new version

    THIS WILL REPLACE net-mgmt/nrpe3 WHICH FAILS TO BUILD WITH OpenSSL 3.0.0
    and later.

    nrpe is used to execute Nagios plugins on remote hosts and report the
    results to the main Nagios server. From the Nagios homepage:

    Allows you to execute "local" plugins (like check_disk, check_procs,
    etc.) on remote hosts. The check_nrpe plugin is called from Nagios and
    actually makes the plugin requests to the remote host. Requires that
    nrpe be running on the remote host (either as a standalone daemon or as
    a service under inetd).