0

I am trying to set up NRPE to enable remote Nagios monitoring of a new FreeNAS 0.91 system. I mostly have this working. I can connect and inquire about basic information like number of processes, users, etc.

But I can't run zpool list to inquire about the health of the RAIDZ, which is key to properly monitoring the box.

When I run from the main root account, it works:

[stewlg@bauer] /dev# zpool list
NAME          SIZE  ALLOC  FREE    CAP  DEDUP  HEALTH  ALTROOT
BigMediaToo  21.8T  1.11T  20.6T    5%  1.00x  ONLINE  /mnt

But when I run it from within the jail, it does not:

root@NagiosJail:/usr/local/libexec/nagios # zpool list
no pools available

I've read many posts, but I'm just not sure about what exactly it is that I'm trying to allow the jailed environment to do, so I don't know what to enable.

Posts like this seem like they may contain the answer: Yet I don't know quite what to do. Is it /etc/devfs.rules that I need to edit?

System layout, to help with names if anyone has an example for me:

  • A single ZFS volume at /mnt/BigMediaToo
  • A single jail called NagiosJail. Its dataset is at /mnt/BigMediaToo/JailsDataset.
Community
  • 1
StewLG
  • 271
  • 4
  • 6
  • Jail is working then :) isn't that what its for? – Paddy Carroll Aug 10 '13 at 08:34
  • FreeNAS has a read-only root filesystem that it typically boots off USB flash drive, so installing NRPE to it appears to be a fool's errand (although this fool has sure tried). That means your main option for running anything beyond the base install is a Jail. You are of course right that the jail is meant for this kind of security restriction, but it's also one of my only options for running additional software that isn't included in the base FreeNAS platform. – StewLG Aug 10 '13 at 16:47

1 Answers1

1

Don't kill yourself breaking out of jail, Set up cron job as root to dump the output of zpool and redirect output to shared file store every minute or so and read that.

Paddy Carroll
  • 237
  • 1
  • 2
  • 11
  • 1
    That's a good suggestion. I've done things like this before. But I do find that I have to add an extra level of complexity to the checking, to make sure that the results of the job aren't stale (cron script is still running, permissions haven't changed, etc. etc.) It also makes checks less immediate, which can be confusing and aggravating when you are trying to see status in a crisis. But this is a workable solution, so thank you for it. – StewLG Aug 10 '13 at 16:39