I want to power off my NAS and ESXi when there is a power failure. Both of the systems run on an Eaton UPS. I only run Linux systems and therefore I cannot use the Eaton Manager, which is Windows only.
Since I use Nagios for other tasks, I would like to create a plugin that, using ssh-public-key, can connect to the above systems and power them off.
The public key of the Nagios user is already installed on the root user of the ESXi (the NAS will come later). When I change user to Nagios (on the Nagios server) and manually run the script, it connects to the ESXi and (for the moment) writes a "testfile" in /tmp. It works.
When the script is run by Nagios itself, it doesn't. This script runs as a handler:
define host {
    name            home-monitoring
    use             generic-host
    check_period    24x7
    check_interval  5
    contact_groups  admins
    event_handler   poweroff_host
    register        0
}
cat /usr/lib64/nagios/plugins/poweroff_host.sh
#!/bin/bash
/usr/bin/ssh root@esxi -i /var/spool/nagios/.ssh/id_rsa "touch /tmp/testfile"
cat /etc/nagios/objects/commands.cfg
define command{
    command_name    poweroff_host
    command_line    sudo /usr/lib64/nagios/plugins/poweroff_host.sh
}
visudo
(at the bottom of the file)
nagios ALL = (root) NOPASSWD:/usr/lib64/nagios/plugins/poweroff_host.sh
I have also added the nagios user to the wheel group (using usermod):
# grep wheel /etc/group
wheel:x:10:nagios
And last, I've been hitting my head here for the last 4 days and keep getting errors in the log. The last error is:
journalctl -xef
stderr line 01: /usr/lib64/nagios/plugins/poweroff_host.sh: line 2: /usr/bin/ssh: Permission denied
Before visudo, the error was "no ssh in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)"; at least now I managed to change the kind of error.
Can I please have some help to fix the issue?
UPDATE 1:
[root@nagios ~]# audit2allow -i /var/log/audit/audit.log
#============= nagios_t ==============
allow nagios_t ldconfig_exec_t:file { execute getattr };
allow nagios_t nagios_spool_t:dir create;
allow nagios_t pam_var_run_t:dir write;
allow nagios_t ssh_exec_t:file { execute getattr };
allow nagios_t tmpfs_t:dir write;
Fast forward to the semodule command, but
stderr line 01: /usr/lib64/nagios/plugins/poweroff_host.sh: line 2: /usr/bin/ssh: Permission denied
is still there :/
I will try disabling SELinux altogether :/