Icinga2: Default usage of ssl_sni in check_tcp
The latest icinga2 from the Icinga2 debian repository has added this line to command-plugins.conf:
vars.ssl_sni = "$ssl_address$"
However this repository has not updated monitoring-plugins-basic, hence everyone using $ssl_address$ (which is used to set -H) is now getting broken results:
/usr/lib/nagios/plugins/check_tcp: invalid option -- 'N'
Please revert this change or update check_tcp in the same repository at http://packages.icinga.org/debian/pool/main/m/monitoring-plugins/ so it works again.
davidc
All 12 comments
AFAIK the original issue was about "ssl" as CheckCommand, right?
Those packages on packages.icinga.org for the monitoring-plugins are not officially supported btw. @lazyfrosch thoughts?
dnsmichi
on 20 Nov 2017
I don't know what it was trying to fix but it's broken all existing users except presumably those who have compiled their own monitoring plugins.
If you can't provide a new monitoring-plugins then please can you set the version dependency correctly on icinga2. At least in that case it won't automatically upgrade and break, instead it will just refuse to upgrade. Although I'm not really sure how to fix existing installations now.
davidc
on 20 Nov 2017
I do understand your problem, but no need to put your frustration in here.
The monitoring-plugins package is available through Debian itself, though I'm wondering why you are pulling this from packages.icinga.com
I'll wait for @lazyfrosch 's thoughts on that.
dnsmichi
on 20 Nov 2017
Upgrading the monitoring-plugins packages won't help, even in the upstream repository the option -N is not supported for check_tcp.
However the check_tcp version from the nagios-plugins support the -N option.
mcktr
on 20 Nov 2017
I guess you are using the "ssl" CheckCommand to monitor certificates, correct?
A workaround could be the usage of the "http" CheckCommand, when setting the attribute http_certificate it will check the certificate expire date.
mcktr
on 20 Nov 2017
Sorry. Yes it is currently running monitoring-plugins-basic 2.1.1-1 which is the latest available in the Debian repository. Yes it's using "ssl", I'll try using "http" for the HTTPS sites, thanks.
davidc
on 20 Nov 2017
These packages for monitoring-plugins are an old mirror we had for Debian wheezy:
http://packages.icinga.org/debian/pool/main/m/monitoring-plugins/
They are not supported, please use the package your distribution provides.
lazyfrosch
on 21 Nov 2017
Both plugin project doesn't seem to support -N in their latest version:
https://www.monitoring-plugins.org/doc/man/check_tcp.html \
http://nagios-plugins.org/doc/man/check_tcp.html
lazyfrosch
on 21 Nov 2017
@lazyfrosch Are you sure that the nagios plugins do not support -N? I think they do support it, but it is not good documented.
In the usage list the -N argument is listed, but not in the options list.
mcktr
on 21 Nov 2017
Please review #5785 if it fixes your problem.
dnsmichi
on 21 Nov 2017
Thank you, applying this patch to one server manually has fixed the issue, I will confirm all in the next release to packages.icinga.org
davidc
on 22 Nov 2017
fixed the issue for us, thank you
marcofl
on 5 Dec 2017
Related issues
dbu1986
路
5Comments
seventh-chord
路
5Comments
BuildTheRobots
路
6Comments
ak2766
路
7Comments
ghost
路
4Comments