{"id":15120,"date":"2023-01-13T00:44:54","date_gmt":"2023-01-12T21:44:54","guid":{"rendered":"https:\/\/kifarunix.com\/?p=15120"},"modified":"2024-03-10T08:00:56","modified_gmt":"2024-03-10T05:00:56","slug":"deploy-nrpe-agent-as-a-docker-container","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/deploy-nrpe-agent-as-a-docker-container\/","title":{"rendered":"Deploy NRPE Agent as a Docker Container"},"content":{"rendered":"\n

In this tutorial, you will learn how to deploy NRPE agent as a Docker container. Docker<\/a> containers have revolutionized how applications are deployed! They make it easy to develop, ship, and run applications. The beauty of this is it doesn’t matter your OS distro, as long as you are able to install Docker on it, the application build as Docker containers are portable and can be ran on any OS.<\/p>\n\n\n\n

In our previous guide, we learnt how to deploy Nagios as a Docker container. You can have a look;<\/p>\n\n\n\n

Deploy Nagios as a Docker Container<\/a><\/p>\n\n\n\n

Deploying NRPE Agent as a Docker Container<\/h2>\n\n\n\n

Install Docker Engine<\/h3>\n\n\n\n

Begin by installing Docker on your Linux host system.<\/p>\n\n\n\n

You can follow the links below to guide you on how to install Docker on various Linux distros;<\/p>\n\n\n\n

Install Docker on Rocky Linux 8<\/a><\/p>\n\n\n\n

Install Docker CE on Ubuntu 20.04<\/a><\/p>\n\n\n\n

Install and Use Docker on Debian 10 Buster<\/a><\/p>\n\n\n\n

Create and Build NRPE Docker Image<\/h3>\n\n\n\n

Once you have Docker packages installed, proceed to create and build your custom NRPE docker image.<\/p>\n\n\n\n

You can create a directory, say under \/opt<\/strong> for example, where you can store all necessary files that we will create for the purposes of creating NRPE Docker image. You can name the directory however you want!<\/p>\n\n\n\n

mkdir \/opt\/nagios-nrpe-docker<\/code><\/pre>\n\n\n\n
Navigate to the directory above;<\/p>\n\n\n\n
cd \/opt\/nagios-nrpe-docker<\/code><\/pre>\n\n\n\n
Download latest NRPE release version<\/a>;<\/p>\n\n\n\n
wget https:\/\/github.com\/NagiosEnterprises\/nrpe\/releases\/download\/nrpe-4.1.0\/nrpe-4.1.0.tar.gz<\/code><\/pre>\n\n\n\n
Extract the archive;<\/p>\n\n\n\n
tar xzf nrpe-4.1.0.tar.gz<\/code><\/pre>\n\n\n\n
Download latest Nagios monitoring plugins<\/a>;<\/p>\n\n\n\n
wget https:\/\/github.com\/nagios-plugins\/nagios-plugins\/releases\/download\/release-2.4.2\/nagios-plugins-2.4.2.tar.gz<\/code><\/pre>\n\n\n\n
Extract the plugins;<\/p>\n\n\n\n
tar xzf nagios-plugins-2.4.2.tar.gz<\/code><\/pre>\n\n\n\n
Create NRPE Dockerfile. We will build our NRPE Docker image upon Rocky Linux 9 (see FROM line in the Dockerfile below);<\/p>\n\n\n\n
vim Dockerfile<\/code><\/pre>\n\n\n\n
\nFROM rockylinux:9\nRUN dnf install epel-release -y \\\n    && dnf update -y\n# Install Required build tools\nRUN dnf install -y gcc \\\n\tglibc \\\n\tglibc-common \\\n\tmake \\\n\tgettext \\\n\tautomake \\\n\tautoconf \\\n\twget \\\n\tprocps \\\n\topenssl-devel \\\n\tpkgconf-pkg-config \\\n\tdiffutils \\\n\tnet-snmp-perl \\\n        supervisor        \n# Build and Install NRPE Agent\nCOPY nrpe-4.1.0 \/nrpe-4.1.0\nWORKDIR \/nrpe-4.1.0\n\n# Configure NRPE Agent to adapt it to the system\nRUN  .\/configure \\\n     --enable-command-args \\\n     --with-nrpe-user=nagios \\\n     --with-nrpe-group=nagios\n\n# Compile, Install NRPE, install config and,\n# create nagios user\/group\nRUN make all \\\n    && make install-groups-users \\\n    && make install \\\n    && make install-config\n\n# Build and Install Nagios Plugins;\nCOPY nagios-plugins-2.4.2 \/nagios-plugins-2.4.2\nWORKDIR \/nagios-plugins-2.4.2\nRUN .\/configure --with-nagios-user=nagios --with-nagios-group=nagios && \\\n    make && \\\n    make install\n\n# Define NRPE Service, Port and Protocol\nRUN echo \"nrpe            5666\/tcp                # NRPE Service\" >> \/etc\/services\n#\nWORKDIR \/root\n# Add NRPE Startup script\nADD start.sh \/\nRUN chmod +x \/start.sh\n\nCMD [ \"\/start.sh\" ]\n<\/code><\/pre>\n\n\n\n
From the Dockerfile above, NRPE agent and plugins will be installed atop Rocky Linux 9 docker image.<\/p>\n\n\n\n
We also have a startup script, start.sh<\/code><\/strong> that will be used to start NRPE agent;<\/p>\n\n\n\n
The script is in our current directory;<\/p>\n\n\n\n
cat \/opt\/nagios-nrpe-docker\/start.sh<\/code><\/pre>\n\n\n\n
#!\/bin\/sh\n\/usr\/local\/nagios\/bin\/nrpe -n -c \/usr\/local\/nagios\/etc\/nrpe.cfg -d\n\/usr\/bin\/supervisord -n<\/code><\/pre>\n\n\n\n
The script will be copied into the NRPE Docker image we will create.<\/p>\n\n\n\n
With the Dockerfile setup, you can now build your NRPE agent Docker image;<\/p>\n\n\n\n
docker build -t nrpe:4.1.0 .<\/code><\/pre>\n\n\n\n
This will create an NRPE Docker image and tag it with the version number, 4.1.0.<\/p>\n\n\n\n
docker images<\/code><\/pre>\n\n\n\n
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE\nnrpe         4.1.0     01bbdb86b63f   3 minutes ago   548MB\nrockylinux   9         ce99dcf19c24   2 weeks ago     176MB<\/code><\/pre>\n\n\n\n
List installed plugins;<\/p>\n\n\n\n
docker run --rm -ti nrpe:4.1.0 ls \/usr\/local\/nagios\/libexec\/<\/code><\/pre>\n\n\n\n
check_apt\t    check_ifstatus  check_ntp_peer  check_ssl_validity\ncheck_breeze\t    check_imap\t    check_ntp_time  check_ssmtp\ncheck_clamd\t    check_ircd\t    check_nwstat    check_swap\ncheck_cluster\t    check_jabber    check_oracle    check_tcp\ncheck_dhcp\t    check_load\t    check_overcr    check_time\ncheck_disk\t    check_log\t    check_ping\t    check_udp\ncheck_disk_smb\t    check_mailq     check_pop\t    check_ups\ncheck_dummy\t    check_mrtg\t    check_procs     check_uptime\ncheck_file_age\t    check_mrtgtraf  check_real\t    check_users\ncheck_flexlm\t    check_nagios    check_rpc\t    check_wave\ncheck_ftp\t    check_nntp\t    check_sensors   negate\ncheck_http\t    check_nntps     check_simap     remove_perfdata\ncheck_icmp\t    check_nrpe\t    check_smtp\t    urlize\ncheck_ide_smart     check_nt\t    check_spop\t    utils.pm\ncheck_ifoperstatus  check_ntp\t    check_ssh\t    utils.sh\n<\/code><\/pre>\n\n\n\n
Now, to easily configure NRPE agent for host monitoring, create a configuration directory on the Docker host current directory where to place a custom nrpe.cfg<\/strong> file.<\/p>\n\n\n\n
mkdir \/opt\/nagios-nrpe-docker\/etc<\/code><\/pre>\n\n\n\n
Inside this directory, we will create nrpe.cfg<\/code><\/strong> file which you can then mount it into the NRPE Docker container NRPE configuration file.<\/p>\n\n\n\n
By default, NRPE configuration file looks like;<\/p>\n\n\n\n
\n#############################################################################\n#\n#  Sample NRPE Config File\n#\n#  Notes:\n#\n#  This is a sample configuration file for the NRPE daemon.  It needs to be\n#  located on the remote host that is running the NRPE daemon, not the host\n#  from which the check_nrpe client is being executed.\n#\n#############################################################################\n# LOG FACILITY\n# The syslog facility that should be used for logging purposes.\nlog_facility=daemon\n# LOG FILE\n# If a log file is specified in this option, nrpe will write to\n# that file instead of using syslog.\n#log_file=\/usr\/local\/nagios\/var\/nrpe.log\n# DEBUGGING OPTION\n# This option determines whether or not debugging messages are logged to the\n# syslog facility.\n# Values: 0=debugging off, 1=debugging on\ndebug=0\n# PID FILE\n# The name of the file in which the NRPE daemon should write it's process ID\n# number.  The file is only written if the NRPE daemon is started by the root\n# user and is running in standalone mode.\npid_file=\/usr\/local\/nagios\/var\/nrpe.pid\n# PORT NUMBER\n# Port number we should wait for connections on.\n# NOTE: This must be a non-privileged port (i.e. > 1024).\n# NOTE: This option is ignored if NRPE is running under either inetd or xinetd\nserver_port=5666\n# SERVER ADDRESS\n# Address that nrpe should bind to in case there are more than one interface\n# and you do not want nrpe to bind on all interfaces.\n# NOTE: This option is ignored if NRPE is running under either inetd or xinetd\n#server_address=127.0.0.1\n# LISTEN QUEUE SIZE\n# Listen queue size (backlog) for serving incoming connections.\n# You may want to increase this value under high load.\n#listen_queue_size=5\n# NRPE USER\n# This determines the effective user that the NRPE daemon should run as.\n# You can either supply a username or a UID.\n#\n# NOTE: This option is ignored if NRPE is running under either inetd or xinetd\nnrpe_user=nagios\n# NRPE GROUP\n# This determines the effective group that the NRPE daemon should run as.\n# You can either supply a group name or a GID.\n#\n# NOTE: This option is ignored if NRPE is running under either inetd or xinetd\nnrpe_group=nagios\n# ALLOWED HOST ADDRESSES\n# This is an optional comma-delimited list of IP address or hostnames\n# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask\n# (i.e. 192.168.1.0\/24) are also supported. Hostname wildcards are not currently\n# supported.\n#\n# Note: The daemon only does rudimentary checking of the client's IP\n# address.  I would highly recommend adding entries in your \/etc\/hosts.allow\n# file to allow only the specified host to connect to the port\n# you are running this daemon on.\n#\n# NOTE: This option is ignored if NRPE is running under either inetd or xinetd\nallowed_hosts=127.0.0.1,::1\n# COMMAND ARGUMENT PROCESSING\n# This option determines whether or not the NRPE daemon will allow clients\n# to specify arguments to commands that are executed.  This option only works\n# if the daemon was configured with the --enable-command-args configure script\n# option.\n#\n# *** ENABLING THIS OPTION IS A SECURITY RISK! ***\n# Read the SECURITY file for information on some of the security implications\n# of enabling this variable.\n#\n# Values: 0=do not allow arguments, 1=allow command arguments\ndont_blame_nrpe=0\n# BASH COMMAND SUBSTITUTION\n# This option determines whether or not the NRPE daemon will allow clients\n# to specify arguments that contain bash command substitutions of the form\n# $(...).  This option only works if the daemon was configured with both\n# the --enable-command-args and --enable-bash-command-substitution configure\n# script options.\n#\n# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***\n# Read the SECURITY file for information on some of the security implications\n# of enabling this variable.\n#\n# Values: 0=do not allow bash command substitutions,\n#         1=allow bash command substitutions\nallow_bash_command_substitution=0\n# COMMAND PREFIX\n# This option allows you to prefix all commands with a user-defined string.\n# A space is automatically added between the specified prefix string and the\n# command line from the command definition.\n#\n# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***\n# Usage scenario:\n# Execute restricted commmands using sudo.  For this to work, you need to add\n# the nagios user to your \/etc\/sudoers.  An example entry for allowing\n# execution of the plugins from might be:\n#\n# nagios          ALL=(ALL) NOPASSWD: \/usr\/lib\/nagios\/plugins\/\n#\n# This lets the nagios user run all commands in that directory (and only them)\n# without asking for a password.  If you do this, make sure you don't give\n# random users write access to that directory or its contents!\n# command_prefix=\/usr\/bin\/sudo\n# MAX COMMANDS\n# This specifies how many children processes may be spawned at any one\n# time, essentially limiting the fork()s that occur.\n# Default (0) is set to unlimited\n# max_commands=0\n# COMMAND TIMEOUT\n# This specifies the maximum number of seconds that the NRPE daemon will\n# allow plugins to finish executing before killing them off.\ncommand_timeout=60\n# CONNECTION TIMEOUT\n# This specifies the maximum number of seconds that the NRPE daemon will\n# wait for a connection to be established before exiting. This is sometimes\n# seen where a network problem stops the SSL being established even though\n# all network sessions are connected. This causes the nrpe daemons to\n# accumulate, eating system resources. Do not set this too low.\nconnection_timeout=300\n# WEAK RANDOM SEED OPTION\n# This directive allows you to use SSL even if your system does not have\n# a \/dev\/random or \/dev\/urandom (on purpose or because the necessary patches\n# were not applied). The random number generator will be seeded from a file\n# which is either a file pointed to by the environment valiable $RANDFILE\n# or $HOME\/.rnd. If neither exists, the pseudo random number generator will\n# be initialized and a warning will be issued.\n# Values: 0=only seed from \/dev\/[u]random, 1=also seed from weak randomness\n#allow_weak_random_seed=1\n# SSL\/TLS OPTIONS\n# These directives allow you to specify how to use SSL\/TLS.\n# SSL VERSION\n# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),\n#        SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use\n#        TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),\n#        TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),\n#        TLSv1.2+ (use TLSv1.2 or above)\n# If an \"or above\" version is used, the best will be negotiated. So if both\n# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.\n# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.\n#ssl_version=SSLv2+\n# SSL USE ADH\n# This is for backward compatibility and is DEPRECATED. Set to 1 to enable\n# ADH or 2 to require ADH. 1 is currently the default but will be changed\n# in a later version.\n#ssl_use_adh=1\n# SSL CIPHER LIST\n# This lists which ciphers can be used. For backward compatibility, this\n# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' for < OpenSSL 1.1.0,\n# and 'ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0' for OpenSSL 1.1.0 and\n# greater. \n#ssl_cipher_list=ALL:!MD5:@STRENGTH\n#ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0\n#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH\n# SSL Certificate and Private Key Files\n#ssl_cacert_file=\/etc\/ssl\/servercerts\/ca-cert.pem\n#ssl_cert_file=\/etc\/ssl\/servercerts\/nagios-cert.pem\n#ssl_privatekey_file=\/etc\/ssl\/servercerts\/nagios-key.pem\n# SSL USE CLIENT CERTS\n# This options determines client certificate usage.\n# Values: 0 = Don't ask for or require client certificates (default)\n#         1 = Ask for client certificates\n#         2 = Require client certificates\n#ssl_client_certs=0\n# SSL LOGGING\n# This option determines which SSL messages are send to syslog. OR values\n# together to specify multiple options.\n# Values: 0x00 (0)  = No additional logging (default)\n#         0x01 (1)  = Log startup SSL\/TLS parameters\n#         0x02 (2)  = Log remote IP address\n#         0x04 (4)  = Log SSL\/TLS version of connections\n#         0x08 (8)  = Log which cipher is being used for the connection\n#         0x10 (16) = Log if client has a certificate\n#         0x20 (32) = Log details of client's certificate if it has one\n#         -1 or 0xff or 0x2f = All of the above\n#ssl_logging=0x00\n# NASTY METACHARACTERS\n# This option allows you to override the list of characters that cannot\n# be passed to the NRPE daemon.\n# nasty_metachars=|`&><'\\\\[]{};\\r\\n\n# This option allows you to enable or disable logging error messages to the syslog facilities.\n# If this option is not set, the error messages will be logged.\ndisable_syslog=0\n# COMMAND DEFINITIONS\n# Command definitions that this daemon will run.  Definitions\n# are in the following format:\n#\n# command[]=\n#\n# When the daemon receives a request to return the results of \n# it will execute the command specified by the  argument.\n#\n# Unlike Nagios, the command line cannot contain macros - it must be\n# typed exactly as it should be executed.\n#\n# Note: Any plugins that are used in the command lines must reside\n# on the machine that this daemon is running on!  The examples below\n# assume that you have plugins installed in a \/usr\/local\/nagios\/libexec\n# directory.  Also note that you will have to modify the definitions below\n# to match the argument format the plugins expect.  Remember, these are\n# examples only!\n# The following examples use hardcoded command arguments...\n# This is by far the most secure method of using NRPE\ncommand[check_users]=\/usr\/local\/nagios\/libexec\/check_users -w 5 -c 10\ncommand[check_load]=\/usr\/local\/nagios\/libexec\/check_load -r -w .15,.10,.05 -c .30,.25,.20\ncommand[check_hda1]=\/usr\/local\/nagios\/libexec\/check_disk -w 20% -c 10% -p \/dev\/hda1\ncommand[check_zombie_procs]=\/usr\/local\/nagios\/libexec\/check_procs -w 5 -c 10 -s Z\ncommand[check_total_procs]=\/usr\/local\/nagios\/libexec\/check_procs -w 150 -c 200\n# The following examples allow user-supplied arguments and can\n# only be used if the NRPE daemon was compiled with support for\n# command arguments *AND* the dont_blame_nrpe directive in this\n# config file is set to '1'.  This poses a potential security risk, so\n# make sure you read the SECURITY file before doing this.\n### MISC SYSTEM METRICS ###\n#command[check_users]=\/usr\/local\/nagios\/libexec\/check_users $ARG1$\n#command[check_load]=\/usr\/local\/nagios\/libexec\/check_load $ARG1$\n#command[check_disk]=\/usr\/local\/nagios\/libexec\/check_disk $ARG1$\n#command[check_swap]=\/usr\/local\/nagios\/libexec\/check_swap $ARG1$\n#command[check_cpu_stats]=\/usr\/local\/nagios\/libexec\/check_cpu_stats.sh $ARG1$\n#command[check_mem]=\/usr\/local\/nagios\/libexec\/custom_check_mem -n $ARG1$\n### GENERIC SERVICES ###\n#command[check_init_service]=sudo \/usr\/local\/nagios\/libexec\/check_init_service $ARG1$\n#command[check_services]=\/usr\/local\/nagios\/libexec\/check_services -p $ARG1$\n### SYSTEM UPDATES ###\n#command[check_yum]=\/usr\/local\/nagios\/libexec\/check_yum\n#command[check_apt]=\/usr\/local\/nagios\/libexec\/check_apt\n### PROCESSES ###\n#command[check_all_procs]=\/usr\/local\/nagios\/libexec\/custom_check_procs\n#command[check_procs]=\/usr\/local\/nagios\/libexec\/check_procs $ARG1$\n### OPEN FILES ###\n#command[check_open_files]=\/usr\/local\/nagios\/libexec\/check_open_files.pl $ARG1$\n### NETWORK CONNECTIONS ###\n#command[check_netstat]=\/usr\/local\/nagios\/libexec\/check_netstat.pl -p $ARG1$ $ARG2$\n### ASTERISK ###\n#command[check_asterisk]=\/usr\/local\/nagios\/libexec\/check_asterisk.pl $ARG1$\n#command[check_sip]=\/usr\/local\/nagios\/libexec\/check_sip $ARG1$\n#command[check_asterisk_sip_peers]=sudo \/usr\/local\/nagios\/libexec\/check_asterisk_sip_peers.sh $ARG1$\n#command[check_asterisk_version]=\/usr\/local\/nagios\/libexec\/nagisk.pl -c version\n#command[check_asterisk_peers]=\/usr\/local\/nagios\/libexec\/nagisk.pl -c peers\n#command[check_asterisk_channels]=\/usr\/local\/nagios\/libexec\/nagisk.pl -c channels \n#command[check_asterisk_zaptel]=\/usr\/local\/nagios\/libexec\/nagisk.pl -c zaptel \n#command[check_asterisk_span]=\/usr\/local\/nagios\/libexec\/nagisk.pl -c span -s 1\n# INCLUDE CONFIG FILE\n# This directive allows you to include definitions from an external config file.\n#include=\n# INCLUDE CONFIG DIRECTORY\n# This directive allows you to include definitions from config files (with a\n# .cfg extension) in one or more directories (with recursion).\n#include_dir=\n#include_dir=\n# KEEP ENVIRONMENT VARIABLES\n# This directive allows you to retain specific variables from the environment\n# when starting the NRPE daemon. \n#keep_env_vars=NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION\n<\/code><\/pre>\n\n\n\n
We will update this configuration to make it as simple as possible such that it look like;<\/p>\n\n\n\n
cat \/opt\/nagios-nrpe-docker\/etc\/nrpe.cfg<\/code><\/pre>\n\n\n\n
\nlog_facility=daemon\ndebug=0\nserver_port=5666\nnrpe_user=nagios\nnrpe_group=nagios\nallowed_hosts=127.0.0.1,192.168.59.48\ndont_blame_nrpe=1\ncommand_timeout=60\nconnection_timeout=300\ncommand[check_users]=\/usr\/local\/nagios\/libexec\/check_users -w 5 -c 10\ncommand[check_load]=\/usr\/local\/nagios\/libexec\/check_load -r -w .15,.10,.05 -c .30,.25,.20\ncommand[check_disk]=\/usr\/local\/nagios\/libexec\/check_disk -w 20% -c 10% -p \/\ncommand[check_zombie_procs]=\/usr\/local\/nagios\/libexec\/check_procs -w 5 -c 10 -s Z\ncommand[check_total_procs]=\/usr\/local\/nagios\/libexec\/check_procs -w 150 -c 200\n<\/code><\/pre>\n\n\n\n
Adjust your thresholds as you so wish!<\/p>\n\n\n\n
Start and Test NRPE Docker Agent<\/h3>\n\n\n\n
You can now start and test if the NRPE Docker agent works as expected.<\/p>\n\n\n\n
Note that NRPE listens on port 5666 by default and so you need to expose this port on the host;<\/p>\n\n\n\n
docker run --name nagios-nrpe-4.1.0 \\\n-dp 5666:5666 \\\n-v \"\/opt\/nagios-nrpe-docker\/etc\/nrpe.cfg:\/usr\/local\/nagios\/etc\/nrpe.cfg\" \\\nnrpe:4.1.0<\/code><\/pre>\n\n\n\n
You can add the --restart unless-stopped<\/code><\/strong> option to start the NRPE agent container on system reboot.<\/p>\n\n\n\n
Check the status of the NRPE agent Docker container;<\/p>\n\n\n\n
docker ps -a<\/code><\/pre>\n\n\n\n
Sample output;<\/p>\n\n\n\n
CONTAINER ID   IMAGE        COMMAND       CREATED         STATUS         PORTS                                       NAMES\n152eae72b9a2   nrpe:4.1.0   \"\/start.sh\"   2 seconds ago   Up 2 seconds   0.0.0.0:5666->5666\/tcp, :::5666->5666\/tcp   nagios-nrpe-4.1.0<\/code><\/pre>\n\n\n\n
Confirm that the port is exposed on your host;<\/p>\n\n\n\n
ss -altnp | grep :5666<\/code><\/pre>\n\n\n\n
LISTEN 0      4096         0.0.0.0:5666      0.0.0.0:*    users:((\"docker-proxy\",pid=40626,fd=4))  \nLISTEN 0      4096            [::]:5666         [::]:*    users:((\"docker-proxy\",pid=40632,fd=4))<\/code><\/pre>\n\n\n\n
You should now be able to connect to your NRPE agent Docker container from the hosts defined by the line allowed_hosts<\/code><\/strong> in the configuration file.<\/p>\n\n\n\n
For example, let’s test NRPE agent response from the Nagios server Docker container;<\/p>\n\n\n\n
docker run --rm -ti nagios-core:4.4.9 \/usr\/local\/nagios\/libexec\/check_nrpe -n -H 192.168.59.49<\/code><\/pre>\n\n\n\n
Sample output;<\/p>\n\n\n\n
NRPE v4.1.0<\/code><\/pre>\n\n\n\n
Run a simple check e.g check load from your Nagios server;<\/p>\n\n\n\n
docker run --rm -ti nagios-core:4.4.9 \/usr\/local\/nagios\/libexec\/check_nrpe -n -H 192.168.59.49 -c check_load<\/code><\/pre>\n\n\n\n
Sample output;<\/p>\n\n\n\n
OK - load average per CPU: 0.06, 0.03, 0.03|load1=0.055;0.150;0.300;0; load5=0.025;0.100;0.250;0; load15=0.030;0.050;0.200;0;<\/code><\/pre>\n\n\n\n
To do the monitoring from the Nagios, add the host and service checks to your Nagios.<\/p>\n\n\n\n
In our Nagios server, these are sample checks against our NRPE agent server;<\/p>\n\n\n\n
cat \/opt\/nagios-core-docker\/etc\/objects\/kifarunix\/services.cfg<\/code><\/pre>\n\n\n\n
\n#################################\n# COMMAND DEFINITIONS\n#################################\ndefine command {\n    command_name    check_nrpe\n    command_line    \/usr\/local\/nagios\/libexec\/check_nrpe -n -H $HOSTADDRESS$ -c $ARG1$\n}\n\n\n#################################\n# SERVICE DEFINITIONS\n#################################\ndefine service {\n    use                     remote-service\n    host_name               elk-stack\n    service_description     Root Partition\n    check_command           check_nrpe!check_disk\n}\n\ndefine service {\n    use                     remote-service\n    host_name               elk-stack\n    service_description     Current Users\n    check_command           check_nrpe!check_users\n}\n\ndefine service {\n    use                     remote-service\n    host_name               elk-stack\n    service_description     Total Processes\n    check_command           check_nrpe!check_total_procs\n}\n\ndefine service {\n\n    use                     remote-service\n    host_name               elk-stack\n    service_description     Current Load\n    check_command           check_nrpe!check_load\n}\n<\/code><\/pre>\n\n\n\n
These services will be checked on our server on which NRPE agent Docker container is running.<\/p>\n\n\n\n
Sample checks status on Nagios server;<\/p>\n\n\n\n
\"Deploy<\/figure><\/a><\/div>\n\n\n\n
And that is it on how you can deploy NRPE agent as a Docker container.<\/p>\n\n\n\n
Other Tutorials<\/h3>\n\n\n\n
Nagios related tutorials<\/a><\/p>\n\n\n\n
Docker related tutorials<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
In this tutorial, you will learn how to deploy NRPE agent as a Docker container. Docker containers have revolutionized how applications are deployed! They make<\/p>\n","protected":false},"author":10,"featured_media":15189,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[72,1076,1077,121,73],"tags":[6257,6256,6258,6255,6260,6259],"class_list":["post-15120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-monitoring","category-containers","category-docker","category-howtos","category-nagios","tag-build-nrpe-docker-image","tag-create-nrpe-docker-container","tag-deploy-nrpe-agent-as-a-docker-container","tag-install-nrpe-docker-container","tag-nrpe-docker-agent","tag-nrpe-docker-container","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/15120"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=15120"}],"version-history":[{"count":14,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/15120\/revisions"}],"predecessor-version":[{"id":20687,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/15120\/revisions\/20687"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/15189"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=15120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=15120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=15120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}