NRPE SSL Support

From OpenNMS

Contents

Introduction

Starting with OpenNMS version 1.3.10, the NRPE plugin and monitor classes support SSL operation. This mode is the default for recent releases of both the official NRPE daemon (Unix, when built with SSL support) and NSClient++ (Windows, NRPEListener only).

Configuring NRPE Daemon

NRPE on Unix

The default for NRPE release 2.11 on Unix is to use SSL, unless you specify the -n parameter on the command line.

NSClient++ on Windows

The default for the NRPEListener of NSClient++ release 0.3.0 on Windows is to use SSL, unless you set use_ssl=0 in NSC.ini or in the registry.

Configuring OpenNMS

Configuring NrpePlugin for discovery

In capsd-configuration.xml, add a keyed parameter (key usessl, value true) to each protocol-plugin that uses the NrpePlugin. Note that the plugin will use SSL by default, so you can leave this parameter out if you know that you use SSL everywhere that you use NRPE. In a mixed environment, you can configure two protocol-plugin elements, one with SSL enabled and one with SSL disabled, but you will need to use separate protocol names (e.g. "NRPE" and "NRPES") if you do this. 

    <protocol-plugin protocol="NRPE" class-name="org.opennms.netmgt.capsd.plugins.NrpePlugin" scan="on" user-defined="false">
       <property key="banner" value="*" />
       <property key="port" value="5666" />
       <property key="timeout" value="3000" />
       <property key="retry" value="2" />
       <property key="command" value="_NRPE_CHECK" />
       <property key="usessl" value="true" />
   </protocol-plugin>

Configuring NrpeMonitor for polling

In poller-configuration.xml, add a keyed parameter (key usessl, value true) to each service that uses the NrpeMonitor. Note that the monitor will use SSL by default, so you can leave this parameter out if you know that you use SSL everywhere that you use NRPE. In a mixed environment, you can configure two service elements, one with SSL enabled and one with SSL disabled, but be sure that the service names match the protocol names in capsd-configuration.xml. 

               <service name="NRPE" interval="300000" user-defined="false" status="on">
                       <parameter key="retry" value="3"/>
                       <parameter key="timeout" value="3000"/>
                       <parameter key="port" value="5666"/>
                       <parameter key="command" value="_CHECK_NRPE"/>
                       <parameter key="padding" value="2"/>
                       <parameter key="rrd-repository" value="/opt/opennms/share/rrd/response"/>
                       <parameter key="ds-name" value="nrpe"/>
                       <parameter key="usessl" value="true"/>
               </service>

Version History/Availability

Retrieved from "http://www.opennms.org/wiki/NRPE_SSL_Support"
Personal tools
DevJam 2008 Sponsors
DevJam 2008 Sponsor: Google
DevJam 2008 Sponsor: Netregistry
DevJam 2008 Sponsor: Papa John's
NewEdge Networks
OpenNMS takes home the gold award!
Join the Free Software Foundation
Support This Project Commercial OpenNMS Support OpenNMS Italia Get OpenNMS at SourceForge.net. Fast, secure and Free Open Source software downloads Our Network Simulator Our Java Profiler