Check_nwc_health - Docker Container

(Grex) #1


I’m running a docker container using icinga2 (jordan/icinga2). I know this Docker container isn’t official supported, but maybe someone can help me.

I compiled check_nwc_health as always on non-docker hosts, and never had any problems. But in the docker host I get no output from the plugin, even no error message…

root@mydockercontainer:/# /usr/lib/nagios/plugins/check_nwc_health --hostname --community public --mode uptime -vvvvvvvvvvvv

Maybe someone have any idea.



Do you get a non-zero return code?

(Grex) #3
root@mydockercontainer:/usr/lib/nagios/plugins# /usr/lib/nagios/plugins/check_nwc_health
Usage: check_nwc_health [ -v|--verbose ] [ -t <timeout> ] --mode <what-to-do> --hostname <network-component> --community <snmp-community>  ...]
root@mydockercontainer:/usr/lib/nagios/plugins# $?
bash: 3: command not found
root@mydockercontainer:/usr/lib/nagios/plugins# /usr/lib/nagios/plugins/check_nwc_health --hostname --community public --mode uptime
root@mydockercontainer:/usr/lib/nagios/plugins# $?
bash: 2: command not found



Under normal circumstances plugins are executed by the user running the monitoring process (which is not root). Please note that the monitoring process has other environment settings than root and other environment settings as a logged on user!

(Michael Friedrich) #5

Try echo $? instead to actually print the value.

(Grex) #6

I tried it with user nagios, same result:

root@mydockercontainer:/# su nagios
nagios@mydockercontainer:/$  /usr/lib/nagios/plugins/check_nwc_health --hostname --community public --mode uptime
nagios@mydockercontainer:/$ echo $?

I also tried it from docker Host, (no icinga2 env variables and it works):

[root@mydockerHOST ~]# /var/lib/docker/volumes/icinga2_nagios/_data/plugins/check_nwc_health --hostname --community public --mode uptime
OK - device is up since 209d 1h 57m 2...
[root@mydockerHOST ~]#

Docker Host needed some requirements (SNMP lib Perl module, MD5 Digest,…), maybe the plugin in the docker container need it to, but if I run without arguments, there are the usage message instead any info about missing libs.

(Michael Friedrich) #7

Required packages from Perl should immediately fail and print to stderr, that is not the case here. Exit code 2 would mean critical, try adding --verbose to the command line to get more insights.

(Grex) #8

Even --verbose nor -vvvvvvvvvvvv is working :frowning:

 nagios@mydockercontainer:/$  /usr/lib/nagios/plugins/check_nwc_health --hostname --community public --mode uptime --verbose
nagios@mydockercontainer:/$ echo $?
nagios@mydockercontainer:/$  /usr/lib/nagios/plugins/check_nwc_health --hostname --community public --mode uptime -vvvvvvvvvvvv
nagios@mydockercontainer:/$ echo $?
(Carsten Köbke) #9

Can you do a snmpwalk fro inside your docker container or maybe it is SELinux?

(Grex) #10


I disabled selinux (setenforce 0) but the same result, so I enforced selinux.

Inside the container, snmpwalk works!, it was a good point from you.

nagios@mydockercontainter:/$  snmpwalk -v2c -c public
iso. = STRING: "HP J9XXXX XXXX-48G Switch, revision...."

I only extract the first line, other its too long.

(Michael Friedrich) #11

Try running the command with strace to see which syscalls happen.

(Grex) #12


on dockercontainer, it shows me:

root@mydockercontainer:/# strace /usr/lib/nagios/plugins/check_nwc_health
strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted
+++ exited with 1 +++

I started a new docker container with options: --security-opt seccomp:unconfined

So I have now 2 straces, one from host, one from container. See attachment below.


EDIT2: My coworker found the problem! - It is because in the docker container there is not existing the file /etc/protocols!

I copied it from docker host to docker container, and it is working now!

(straces removed)