Bug#1014551: [Pkg-nagios-devel] Bug#1014551: icinga2: check_apt not working if both master and host are running 2.13.4-1
Yes, that does resolve the issue.
Thank you very much for your prompt help.
jim
From: Sebastiaan Couwenberg
Sent: Thursday, July 7, 2022 5:17 PM
To: Jim Penny ; 1014...@bugs.debian.org
<1014...@bugs.debian.org>
Subject: Re: [Pkg-nagios-devel] Bug#1014551: icinga2: check_apt not working if
both master and host are running 2.13.4-1
On 7/7/22 22:18, Jim Penny wrote:
> Services.conf has this stanza.
>
> apply Service "apt" {
>check_command = "apt"
>vars.apt_upgrade = false
>command_endpoint = host.vars.client_endpoint
>assign where host.vars.do_apt
> }
vars.apt_upgrade passes the false argument along to check_apt.
What seems gets executed is:
$ /usr/lib/nagios/plugins/check_apt --upgrade=false
'/usr/bin/apt-get false upgrade' exited with non-zero status.
APT WARNING: 0 packages available for upgrade (0 critical updates).
warnings detected, errors detected.|available_upgrades=0;;;0
critical_updates=0;;;0
Prior to 2.13.4 it executed:
$ /usr/lib/nagios/plugins/check_apt --upgrade false
APT OK: 0 packages available for upgrade (0 critical updates).
|available_upgrades=0;;;0 critical_updates=0;;;0
Because 2.13.4 contains this change:
--- a/itl/command-plugins.conf
+++ b/itl/command-plugins.conf
@@ -1925,10 +1925,12 @@ object CheckCommand "apt" {
}
"--upgrade" = {
value = "$apt_upgrade$"
+ separator = "="
description = "[Default] Perform an upgrade. If
an optional OPTS argument is provided, apt-get will be run with these
command line options instead of the default."
}
"--dist-upgrade" = {
value = "$apt_dist_upgrade$"
+ separator = "="
description = "Perform a dist-upgrade instead
of normal upgrade. Like with -U OPTS can be provided to override the
default options."
}
"--include" = {
The description for the check command is not as informative as that of
check_apt itself:
-U, --upgrade=OPTS
[Default] Perform an upgrade. If an optional OPTS argument is
provided, apt-get will be run with these command line options
instead of the default (-o 'Debug::NoLocking=true' -s -qq).
Note that you may be required to have root privileges if you do not
use the default options.
vars.apt_upgrade = false might suggests that upgrades are not performed,
but that's not what the --upgrade option is for. check_apt will show
which packages will get upgraded if you were to execute `apt-get
upgrade`, or which will get upgraded if you were to execute `apt-get
dist-upgrade` when using check_apt --dist-upgrade.
You should remove var.apt_upgrade from your Service configuration.
Can you confirm that resolves this issue?
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Bug#1014551: [Pkg-nagios-devel] Bug#1014551: icinga2: check_apt not working if both master and host are running 2.13.4-1
Services.conf has this stanza.
apply Service "apt" {
check_command = "apt"
vars.apt_upgrade = false
command_endpoint = host.vars.client_endpoint
assign where host.vars.do_apt
}
A typical barely sanitized entry in hosts.conf doing the apt check is:
object Host ".example.com" {
check_command = "hostalive"
address = "xxx.example.com"
vars.client_endpoint = name
vars.do_apt = true
vars.syslog_ng_cnt = true;
vars.notification["mail"] = {
users = [ "jpenny" ]
}
}
I have monitoring-plugins-basic installed, and check_apt is part of that
package.
So, I think that I am using the icinga2 checker. I am definitely not using
nrpe,
it is not installed on any of the systems. There are no authorized_keys on
master, so I can't be suing ssh.
There is nothing remotely interesting in /var/log/icinga2/icinga2.log.
On host xxx, a failing system, grepping for xxx gives only two lines:
[2022-07-07 12:50:55 -0400] information/JsonRpcConnection: Received certificate
request for CN 'xxx.example.com' signed by our CA.
[2022-07-07 12:50:55 -0400] information/JsonRpcConnection: The certificate for
CN 'xxx.example.com' is valid and uptodate. Skipping automated renewal.
I hope that this is enough information to reproduce the problem.
Also, I have grepped source for "apt-get false upgrade", but I don't find that
string.
____
From: Sebastiaan Couwenberg
Sent: Thursday, July 7, 2022 3:19 PM
To: Jim Penny ; 1014...@bugs.debian.org
<1014...@bugs.debian.org>
Subject: Re: [Pkg-nagios-devel] Bug#1014551: icinga2: check_apt not working if
both master and host are running 2.13.4-1
Control: tags -1 moreinfo
On 7/7/22 20:37, Jim Penny wrote:
> It works with master on 2.13.4-1 and hosts on 2.13.3-1+b2. If both are on
> 2.13.4-1, icinga2-web reports "'/usr/bin/apt-get false upgrade' exited with
> non-zero status.".
How do you execute check_apt on the hosts?
Do you use the icinga2 checker feature to run check_apt on the hosts or
check_by_ssh, NRPE, or something else?
In case of icinga2 checker feature, what does
/var/log/icinga2/icinga2.log contain?
How can your issue be reproduced?
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Bug#1014551: icinga2: check_apt not working if both master and host are running 2.13.4-1
Package: icinga2 Version: 2.13.4-1 Severity: normal It works with master on 2.13.4-1 and hosts on 2.13.3-1+b2. If both are on 2.13.4-1, icinga2-web reports "'/usr/bin/apt-get false upgrade' exited with non-zero status.". -- System Information: Debian Release: bookworm/sid APT prefers oldoldstable APT policy: (500, 'oldoldstable'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.18.0-1-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: OpenRC (via /run/openrc), PID 1: init LSM: AppArmor: enabled Versions of packages icinga2 depends on: ii icinga2-bin 2.13.4-1 ii icinga2-common 2.13.4-1 Versions of packages icinga2 recommends: pn icinga2-doc ii libreadline7 7.0-5 ii monitoring-plugins-basic [nagios-plugins-basic] 2.3.1-1+b2 Versions of packages icinga2 suggests: pn vim-icinga2 -- no debconf information
Bug#486517: fails to connect to stable's samba
Package: samba Version: 2:3.0.30-3 Severity: normal Samba 2.3.0.30-3 fails to connect to 3.0.24-6etch10. #mount -t smbfs //foo/bar /home/jpenny/baz --verbose -o \ user=xxx,password=y,setuids,noperms parsing options: rw,user=xxx,password=y,setuids,noperms mount.cifs kernel mount options unc=//foo\bar,ip=192.168.222.62,ver=1,rw,user=xxx,password=yy,setuids,noperms mount error 20 = Not a directory Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) However, mount is fine from 3.0.28-2+b1 -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages samba depends on: ii adduser3.108 add and remove users and groups ii debconf [debconf-2.0] 1.5.22Debian configuration management sy ii libacl12.2.47-2 Access control list shared library ii libattr1 1:2.4.41-1Extended attribute shared library ii libc6 2.7-12GNU C Library: Shared libraries ii libcomerr2 1.40.8-2 common error description library ii libcups2 1.3.7-7 Common UNIX Printing System(tm) - ii libgnutls262.2.5-1 the GNU TLS library - runtime libr ii libkrb53 1.6.dfsg.3-2 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.9-1 OpenLDAP libraries ii libpam-modules 0.99.7.1-6Pluggable Authentication Modules f ii libpam-runtime 0.99.7.1-6Runtime support for the PAM librar ii libpam0g 0.99.7.1-6Pluggable Authentication Modules l ii libpopt0 1.14-3lib for parsing cmdline parameters ii logrotate 3.7.1-3 Log rotation utility ii lsb-base 3.2-12Linux Standard Base 3.2 init scrip ii procps 1:3.2.7-8 /proc file system utilities ii samba-common 2:3.0.30-3Samba common files used by both th ii update-inetd 4.30 inetd configuration file updater ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime samba recommends no packages. -- debconf information: samba/tdbsam: false * samba/generate_smbpasswd: true * samba/run_mode: daemons -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#330210: RM: python-popy and associated packages
Package: ftp.debian.org Severity: normal -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Please remove python-popy, python2.1-popy, python2.2-popy, and python2.3-popy from the archives. upstream is no longer developing the package, and there are alternative packages that offer similar features, including sql-relay, python-pygres, and python-pyscopg. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
