# jail related nagios issues



## dvl@ (Dec 5, 2009)

I am not really sure of why there was a problem or convinced that the solution was the correct one.

I recently upgraded a jail server to 8.0-stable.  The jail userland was also updated.  The jail runs the net-mgmt/nrpe port which Nagios communicates with to determine various system status.

The following command is run within the jail and connects to itself:


```
[root@ducky /usr/local/libexec/nagios]# ./check_nrpe2 -H 10.55.0.20 -c check_disks
DISK OK - free space: / 54451 MB (42% inode=93%);| /=75156MB;140858;140868;0;140878
[root@ducky /usr/local/libexec/nagios]#
```

From the host system:


```
$ ./check_nrpe2 -H 10.55.0.20 -c check_disks
CHECK_NRPE: Socket timeout after 10 seconds.
```

With the following added to /var/log/messages on the jail (10.55.0.20):


```
Dec  5 23:19:22 ducky nrpe[540]: Could not read request from client, bailing out...
```

Here come the clue.

From another system, the same command fails:


```
$ ./check_nrpe2 -H 10.55.0.20 -c check_disks
CHECK_NRPE: Error - Could not complete SSL handshake.
```

Checking the logs this time:


```
Dec  5 23:25:52 ducky nrpe[8060]: Host 10.55.0.23 is not allowed to talk to us!
```

Altering /usr/local/etc/nrpe.cfg to add the above host and restarting nrpe2 in the jail, we get:


```
./check_nrpe2 -H 10.55.0.20 -c check_disks
DISK OK - free space: / 54451 MB (42% inode=93%);| /=75156MB;140858;140868;0;140878
```


So.. We can access the jail from another system, but not from the jail host system.

solution: recompile nrpe and start it.  This solution worked on two jails on two diferent jail hosts.


----------

