Hello There, Guest! Login Register
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

nagios user authorization problems

#1
Hello,

This past week I set up a new Raspberry Pi 3 using the NEMS Linux image downloaded from your website and while it appears to be a successful installation and setup I have run into a bit of a problem I hope someone can help correct.

During the installation I successfully ran nems-init and successfully changed the username and password when prompted to do so, after which I finished setting up some monitoring of several of our vmware virtual machines.

The first problem I came across was when clicking any of the links to manage any of the hosts from within the Nagios Core web interface i was presented with an error message stating that I did not have permissions to run these commands.  A google search found instructions to edit the /etc/nagios3/cgi.cfg file and change the username for the various user authorizations from the default of nemsadmin to the new user name I had set at initialization and then restart the Nagios service.  This process quickly resolved the issue and I then all appeared to work correctly within the Nagios Core Interface.

That was at least until i powered the RPi unit down and restarted it, which appears to have overwritten the /etc/nagios3/cgi.cfg file with the user authorization username changed back to nemsadmin which results in the same error all over again until i manually edit the file again and restart the Nagios service.  I also noticed that as I left the unit running over the weekend after editing the cgi.cfg file once again, I returned this morning to find that while the unit had not been restarted the file had been overwritten with the default information again.

I am quite pleased with the ease of the overall setup of the NEMS Linux distribution, but most likely my overall lack of experience with Linux in general has caused me to miss some important step in the process that would have avoided this problem.  Any help someone might be able to provide to resolve this issue and stop this file from being overwritten would be most appreciated.

If Ive left out any important information, or can provide more details, please let me know.

Thanks
Don
 Reply
#2
I was able to identify and disable two cron jobs setup during installation that are set to run a script called quickfix.sh at reboot, and every day at 12:00am.  It appears that this script runs another script that actually overwrites the cgi.cfg file with the default.

This has temporarily solved my problem but I still wonder what this script may be doing that I should leave running.

Forgive my Linux ignorance, but I am learning on the fly, my server and networking experience is all self taught over the last 5 years and I certainly would appreciate any help and explanation someone might provide.

Thanks
Don
 Reply
#3
Hey Don,
Yeah, you cannot edit config files in NEMS like you can in Nagios. If you do, you'll just lose your changes.

Is there any possibility you put either uppercase characters or a space in the username you created? That'd be my first guess at the issue, but let me know.

I'm away the next few days so forgive any delay in reply but I will definitely help.

Glad you like it so far - but wait till you actually have it working 100% !! It's pretty sleek if I do say so myself. Smile AND, no having to edit config files! LOL

Cheers,
Robbie
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#4
Just saw your second message. ** DO NOT ** remove those cron entries. You have not fixed the "issue" you have simply removed NEMS' ability to correct configs that don't match. You could corrupt a lot of data, and you will no longer get any updates nor will you be able to have backups.

Please re-flash your NEMS server and start over. Let's address the real issue, not create more.

Please refer to my question about your username. :)
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#5
Hi Rob, 

Thanks for your reply.  To answer you question about the username I added during the nems-init process, it is all lowercase, and has no spaces.  

Ive had a FANagios installation running on a CentOS virtual machine for the past 4 years that was initially set up by another individual.  The username initally used on that installation was nagiosadmin.  For the sale of continuity I used that same username during the nems-init process.  I could have just as  easily left it as nemsadmin and simply added the new password, it really doesnt matter.  

What surprised me was that it changed beck to nemsadmin in the cgi.cfg file after a reboot of the machine or after the first overnight run of the machine, which of course broke the permissions within nagios.

As for manually editing the config files, i only changed the username in the cgi.cfg file to fix the broken permissions only to have it undone again each time one of those cron jobs ran, which led me to search out just what was causing that to happen, and ultimately to disable the two cron jobs using the nemsconf application.  I did not delete either of the jobs, i simple disabled tgem. Great job with nemsconf by the way, I certainly appreciate the ability to edit the nagios config files with a user interface that actually works since Ive been doing so manually for the past four years in NagiosFAN.  Let me tell you, the learning curve there was steep for me at first and took me a while to master.

For now I have two functioning nemslinux installations running with the same configuration but with different ip addresses and hostnames, so re-flashing one of them is no big deal.  Once I get the problem sorted out on one, I can easily clone that to the other. Ultimately, only one unit will stay running, the other will simply sit as a backup in case the first fails.  Right now they are both running as a test along side my NagiosFAN VM, which nems will ultimately replace.  

I certainly appreciate your help figuring out what I may have missed or done wrong during the initial install that has caused the problem with the username.

Cheers, 
Don
 Reply
#6
Bahahahahaa! That's amazing.

Thanks dlayng - here's the thing: it never once crossed my mind that someone would call their user nagiosadmin! That is an old default username that is not permitted on NEMS, but I never added it to the error handler, so you wouldn't have known that! WHAT ARE THE CHANCES?!

So, try reflashing and try a new username... let me know how it goes.

I am quite confident that's all the issue was. Give'r a go.

I'll note to add nagiosadmin to the nems-init error handler. Thanks!

Robbie
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#7
Rob, 

Imagine that. Given that someone before my takeover of our network set our NagiosFAN install up, and at the time I took on the job as an added job to my duties as an electronic tech, I had enough to learn to get nagios running as we needed without worrying about changing a default username. I simply set a password other than the default and moved on with the task of learning how to edit nagios config files manually with no previous nagios experience and very little linux experience at that point. 

Windows and VMWare was no problem, Nagios, that was quite another story at the time.  Your nems linux setup is much much nicer to work with.

I will reflash one of the units next week and use a different username.  Will let you know how things work out.

Thanks again for your help, and a tip of my scotch glass to you!

Cheers,
Don
 Reply
#8
Cheers :)
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#9
Rob,

I took the time this morning to re-flash one of the units and chose a different username during the nems-init process.  That definitely corrected the problem with the username getting overwritten with the default when the quickfix cron jobs run at boot and at 12:00 am.

However, i still see the problem that originally led me to find that the username was being overwritten by those scripts, and that is the error message that nagios is not set to monitor external commands.

Looking through the nagios.cfg file I find the line check_external_commands=0  which of course disables the ability do things like disabling or enabling notifications for a host or service from the nagios core application.

With your suggestion not to edit the .cfg files manually, is there a way to edit that command to enable that option from the web interface? Or should it have gotten set during nems-init?  The proper user authorizations are set for all host commands and all service commands in the cgi.cfg file.

So far I am unable to see an option to change that setting from the web interface.  And for what its worth, I did manually edit the check_external_commands= line in nagios.cfg on the previous install to fix that same issue, and those changes stuck when the quickfix script ran on schedule.

Thanks,
Don
 Reply
#10
Yeah, don't change that unless you're 100% sure you want to break Check_MK and NagVis.

On NEMS, Nagios Core is not used for this. Typically, you'd open Check_MK to do what you're looking to do.

Let me know. If you're opposed to Check_MK for some reason (it's WAY more beautiful than Nagios Core) I suppose I could create a way to choose either/or, but as it is, what you are encountering is by design of NEMS. Though I probably would just advise against it since it is on the to-do list to further integrate Check_MK and eventually have it completely replace Nagios Core.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
 
 
Forum Jump:

Users browsing this thread: 1 Guest(s)