I have a plugin to check the services running on docker.
I’ve gone through all of the suggestions from the dozens of posts I have seen here, but I’m still not able to get this to work.
The commands all run individually and the script runs as well, locally.
I added the nrpe user to the wheel and docker groups and set the wheel group in visudo to run anything without a password. I modified /etc/passwd temporarily to allow the nrpe user to log in with a shell. The script runs with or without sudo.
This part passes successfully:
    /bin/docker > /dev/null 2>&1
    if [ $? -eq 1 ]; then
        echo "UNKNOWN - Missing docker binary"
        exit 3
    fi
This part fails. The command exits with a ‘1’ and I can’t get any output from the docker command. I’ve tried several things, including writing it to a file, but every time the file is blank.
    /bin/docker stack ls | grep $STACK
    if [ $? -eq 1 ]; then
        echo "UNKNOWN - $STACK does not exist. $(/usr/bin/sudo /bin/docker stack ls) \n $(whoami)"
        exit 3
    fi
This is the output I’m getting:
UNKNOWN - ValidService does not exist. \n nrpe.
Any idea what permission I’m missing or is it something else?
Answer
SELinux is blocking my script from accessing “container_runtime_exec_t”.
I will start a new question on how to allow this. My new company runs SELinux on most systems.
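One way to confirm the diagnosis in the answer from the audit log, as an added example that is not part of the original post: the function below summarises AVC denials whose target type is the one named in the answer. The log lines, the `nrpe_t` source domain and the `check_docker.sh` script name are constructed assumptions.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials against one target type.
# Reads audit records on stdin and prints "count source_type perms tclass comm".
# Assumes comm values contain no spaces (fields are split on whitespace).
avc_denials_for_type() {
    # $1: target SELinux type, e.g. container_runtime_exec_t
    awk -v want="$1" '
        /avc:[ ]+denied/ {
            src = tgt = cls = comm = perms = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^scontext=/)      { split($i, c, ":"); src = c[3] }
                else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
                else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
                else if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
                else if ($i == "{") {
                    # Collect every permission between the braces.
                    for (j = i + 1; j <= NF && $j != "}"; j++)
                        perms = perms (perms == "" ? "" : ",") $j
                }
            }
            if (tgt == want) print src, perms, cls, comm
        }' | sort | uniq -c | sed 's/^ *//'
}

# Constructed sample records (not taken from the original post).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.123:456): avc:  denied  { execute } for  pid=4321 comm="check_docker.sh" name="docker" dev="dm-0" ino=123456 scontext=system_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:container_runtime_exec_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=59 success=no exit=-13 comm="check_docker.sh"
type=AVC msg=audit(1700000030.500:460): avc:  denied  { read } for  pid=999 comm="httpd" name="index.html" dev="dm-0" ino=222 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000060.777:470): avc:  denied  { execute } for  pid=4400 comm="check_docker.sh" name="docker" dev="dm-0" ino=123456 scontext=system_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:container_runtime_exec_t:s0 tclass=file permissive=0
EOF
}

# Stand-alone run over the constructed sample.
sample_audit_log | avc_denials_for_type container_runtime_exec_t
```

On a real host the same function can read `/var/log/audit/audit.log` or the output of `ausearch -m avc -ts recent` instead of the sample.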
Attribution
Source: Link, Question Author: D.Fitz, Answer Author: D.Fitz