Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#865403: monitoring-plugins-basic: check_ntp fails with stretch version of ntpd
20 views
Skip to first unread message
Christoph Biedl
Jun 21, 2017, 2:30:03 AM6/21/17
to
Package: monitoring-plugins-basic
Version: 2.2-3
Severity: important
Dear Maintainer,
not unusual, I use check_ntp to probe a few ntp servers. After the
first of them was upgraded to stretch, the check fails with "NTP
CRITICAL: Offset unknown".
Some more investigation led me to the assumption ntpd implements a
strict rate limiting now, and check_ntp manages to trigger this.
How to repeat: Where $server is an ntpd in stretch, run (see #509359
why the LANG setting is necessary)
LANG=C /usr/lib/nagios/plugins/check_ntp -4 -H $server -w 0.5 -c 0.8
Expected output (numbers may differ):
NTP OK: Offset 0.001221060753 secs|offset=0.001221s;0.500000;0.800000;
Actual output:
NTP CRITICAL: Offset unknown|
Running
ntpdate -u -q $server
afterwards results in
$time ntpdate[1234]: $server rate limit response from server.
server $server, stratum 0, offset 0.000000, delay 0.00000
Also tcpdump shows pretty obvious the server just stops replying.
This affects both the jessie and stretch version of check_ntp, I haven't
checked older ones.
Although technically this could be worked around by changing the ntpd
configuration, I guess it's saner to address this in check_ntp, probably
by just placing a sleep in the right place. Please handle this in jessie
and stretch as well in a point release as people likely run their
monitoring applications on stable Debian releases.
Regards,
Christoph
-- System Information:
Debian Release: 9.0
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.31 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages monitoring-plugins-basic depends on:
ii iputils-ping 3:20161105-1
ii libc6 2.24-11+deb9u1
ii libssl1.1 1.1.0f-3
ii monitoring-plugins-common 2.2-3
ii procps 2:3.3.12-3
ii ucf 3.0036
Versions of packages monitoring-plugins-basic recommends:
ii libcap2-bin 1:2.25-1
Versions of packages monitoring-plugins-basic suggests:
pn icinga | icinga2 <none>
-- no debconf information
Version: 2.2-3
Severity: important
Dear Maintainer,
not unusual, I use check_ntp to probe a few ntp servers. After the
first of them was upgraded to stretch, the check fails with "NTP
CRITICAL: Offset unknown".
Some more investigation led me to the assumption ntpd implements a
strict rate limiting now, and check_ntp manages to trigger this.
How to repeat: Where $server is an ntpd in stretch, run (see #509359
why the LANG setting is necessary)
LANG=C /usr/lib/nagios/plugins/check_ntp -4 -H $server -w 0.5 -c 0.8
Expected output (numbers may differ):
NTP OK: Offset 0.001221060753 secs|offset=0.001221s;0.500000;0.800000;
Actual output:
NTP CRITICAL: Offset unknown|
Running
ntpdate -u -q $server
afterwards results in
$time ntpdate[1234]: $server rate limit response from server.
server $server, stratum 0, offset 0.000000, delay 0.00000
Also tcpdump shows pretty obvious the server just stops replying.
This affects both the jessie and stretch version of check_ntp, I haven't
checked older ones.
Although technically this could be worked around by changing the ntpd
configuration, I guess it's saner to address this in check_ntp, probably
by just placing a sleep in the right place. Please handle this in jessie
and stretch as well in a point release as people likely run their
monitoring applications on stable Debian releases.
Regards,
Christoph
-- System Information:
Debian Release: 9.0
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.31 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages monitoring-plugins-basic depends on:
ii iputils-ping 3:20161105-1
ii libc6 2.24-11+deb9u1
ii libssl1.1 1.1.0f-3
ii monitoring-plugins-common 2.2-3
ii procps 2:3.3.12-3
ii ucf 3.0036
Versions of packages monitoring-plugins-basic recommends:
ii libcap2-bin 1:2.25-1
Versions of packages monitoring-plugins-basic suggests:
pn icinga | icinga2 <none>
-- no debconf information
Bas Couwenberg
Jun 21, 2017, 2:40:03 AM6/21/17
to
On 2017-06-21 08:18, Christoph Biedl wrote:
> LANG=C /usr/lib/nagios/plugins/check_ntp -4 -H $server -w 0.5 -c 0.8
check_ntp has been deprecated for many years now, you should be using
> LANG=C /usr/lib/nagios/plugins/check_ntp -4 -H $server -w 0.5 -c 0.8
check_ntp_time & check_ntp_peer instead.
Does the issue also occur with those?
Kind Regards,
Bas
Christoph Biedl
Jun 21, 2017, 2:50:03 AM6/21/17
to
Bas Couwenberg wrote...
Quick check, just replacing check_ntp with one these:
* check_ntp_peer sends a NTPv2 package, no reply from the server.
* check_ntp_time: Same as with check_ntp, works with a jessie ntpd,
fails with a stretch ntpd.
Regards,
Christoph
* check_ntp_peer sends a NTPv2 package, no reply from the server.
* check_ntp_time: Same as with check_ntp, works with a jessie ntpd,
fails with a stretch ntpd.
Regards,
Christoph
Bas Couwenberg
Jun 21, 2017, 3:00:03 AM6/21/17
to
$ /usr/lib/nagios/plugins/check_ntp_peer -H localhost -v
3 candidate peers available
synchronization source found
Getting offset, jitter and stratum for peer d53
parsing offset from peer d53: 0.000473
NTP OK: Offset 0.000473 secs|offset=0.000473s;60.000000;120.000000;
Does your /etc/ntp.conf include the IP for your monitoring system to
allow it to interrogate the ntp server more closely?
Kind Regards,
Bas
Christoph Biedl
Jun 21, 2017, 6:40:02 PM6/21/17
to
Bas Couwenberg wrote...
> $ /usr/lib/nagios/plugins/check_ntp_peer -H localhost -v
> 3 candidate peers available
> synchronization source found
> Getting offset, jitter and stratum for peer d53
> parsing offset from peer d53: 0.000473
> NTP OK: Offset 0.000473 secs|offset=0.000473s;60.000000;120.000000;
Eh, don't try on localhost - ntp in the default configuration grants
that address more rights.
> Does your /etc/ntp.conf include the IP for your monitoring system to allow
> it to interrogate the ntp server more closely?
Adding the monitoring system's IP as another "restrict" item in
/etc/ntp.conf is indeed a workaround. Not a solution, though.
Christoph
> $ /usr/lib/nagios/plugins/check_ntp_peer -H localhost -v
> 3 candidate peers available
> synchronization source found
> Getting offset, jitter and stratum for peer d53
> parsing offset from peer d53: 0.000473
> NTP OK: Offset 0.000473 secs|offset=0.000473s;60.000000;120.000000;
that address more rights.
> Does your /etc/ntp.conf include the IP for your monitoring system to allow
> it to interrogate the ntp server more closely?
/etc/ntp.conf is indeed a workaround. Not a solution, though.
Christoph
0 new messages