icinga2: Can't send external Icinga command to the local command file when Integrating Postgres

This forum was archived to /woltlab and is now in read-only mode.
  • I am trying to pull the Postgresql monitoring data by maikng use of check_postgres.pl plugin. Below is my configuration



    1. object CheckCommand "postgres_check" {
    2.         command = [ PluginContribDir + "/check_postgres.pl" ]
    3.         arguments = {
    4.                 "-H" =  "$postgres_host$"
    5.                 "-w" =  "$postgres_warning$"
    6.                 "-c" =  "$postgres_critical$"
    7.                 "--action" = "$postgres_action$"
    8.                 }
    9. }



    1. apply Service "postgres-locks" {
    2.         import "generic-service"
    3.         check_command = "postgres_check"
    4.         vars.postgres_host = "hostname"//this is an external host
    5.         vars.action="locks"
    6.         vars.postgres_warning = 2
    7.         vars.postgres_critical = 3
    8.         assign where host.name == NodeName
    9. }

    Upon restarting the Icinga 2 instance, I am seeing the following error on the Web



    icinga2: Can't send external Icinga command to the local command file "/var/run/icinga2/cmd/icinga2.cmd": Permission denied

    Also please help me how to use the Icinga Template Library.

  • Wolfgang : The plugin was working fine and able to pull the status of the locks of the database from Postgres. However, when integrating with Icinga 2 causing the issue. Can you please let me know if my configuration is valid?

  • Wolfgang : Configuration as in the definitions defined in commands and service files. I also verified command feature and it is enabled. Is it due to the external host?

  • Wolfgang : Below are the permissions under /var/run/icinga2/

    drwxr-s--- 2 icinga icingacmd 60 Jul 11 06:33 .

    drwxr-xr-x 3 icinga icingacmd 80 Sep 27 08:14 ..

    prw-rw---- 1 icinga icingacmd 0 Sep 19 05:30 icinga2.cmd

  • Wolfgang :

    I have tested the check_postgres.pl plugin by issuing the command which is working fine

    1. ./check_postgres.pl -H <<externalhost>> --action locks

    I am pulling the metrics of postgresql server available in external host but not in the localhost. I dont think Icingaweb2 process is a member of icingacmd

  • Wolfgang : The error is appearing on the UI. I am not sure how it is trying to send the information to /var/run/icinga2/cmd/icinga2.cmd

  • The error is totally unrelated to the postgresql service here. Please stop with ping and pong back and forth too, rather collect everything in one short question.

    Since you've mentioned it - if you are using the command pipe, Icinga 2 must be able to write to it. That is a local file which must be writable by the apache user.

    You can use a remote command transport via ssh for example.

    If I were you, I wouldn't bother with the command pipe. It is erroneous and does not provide any feedback on success/error. If the apache user is not in the icingacmd group, you'll get permission denied errors. IF SELinux prevents the apache user from writing to it, you'll get permission denied errors.

    Ensure that you are running Icinga 2 v2.7+ and Icinga Web 2 v2.4+ and use the Icinga 2 API as command transport. That works in the same fashion as with the command pipe, you just put in the remote host where Icinga 2 is listening on port 5665. Details here: https://github.com/Icinga/icin…/doc/commandtransports.md

    Keep in mind that the URL might change. I have a pending PR which restructures the file names in that directory, next to other enhancements for 2.5 docs later this year.

  • dnsmichi : Apologies for asking too many questions. I am newbie and having hard time to understand the tool. I want to understand the importance of command pipe in this scenario. MySeLinux is disabled and as per my service definition I am using an external PostgreSQL server to pull the metrics which does not have icinga 2 instance installed on the server. However, I am seeing the points written in influxdb but when it comes to Web I face this issue. I am using the versions Icinga 2 (2.7.0-1) and Icinga web (2.4.1).

  • Wolfgang

    The real issue here is that Icinga 2 runs on a different host than Icinga Web 2. Skip the plugin. It is just that a command pipe is not there where Icinga Web 2 expects it.


    As said, you have two options. Either configure Icinga Web 2 that it uses an SSH transport to the Icinga 2 remote instance where the command pipe is available locally.

    Or go for the future way of the native REST API of Icinga 2. You'll already have the API enabled if you're running a clustered setup. You just need to follow the setup instructions for the API user and re-configure the Icinga Web 2 command transport. This is a similar thing as with the IDO database resource running on probably a different host already.

    The second method should be doable within 15 minutes or so.

  • dnsmichi : Just an update the my Icinga 2 and Icinga Web 2 are installed on the same server. I am running this as a standalone application and no clustering is involved so far

  • That's contrary to what you've written above.

    Is icingaweb2 on a difference host than icinga2 instance creating this issue? Do I need to configure anything in commandtransports.ini and resources.ini files?

    Please share your current commandtransports.ini as well as

    ls -lR /var/run/icinga2/cmd

  • dnsmichi : My bad, I have installed the Icinga Web installed on the same server now and will remove the comment. I have executed the command and It shows the following


    total 0

    prw-rw---- 1 icinga icingacmd 0 Sep 19 05:30 icinga2.cmd

    Below is my commandtransports.ini file



    transport = "local"

    path = "/var/run/icinga2/cmd/icinga2.cmd"

    The post was edited 4 times, last by Shashank ().