latest update 2.2-3ubuntu3 caused check_ntp_time to fail

Bug #1881880 reported by Christoph Mitasch
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
monitoring-plugins (Ubuntu)
Fix Released
Undecided
Unassigned
Bionic
Incomplete
Undecided
Unassigned

Bug Description

Hello,

after installing 2.2-3ubuntu3 check_ntp_time fails with "NTP CRITICAL: Offset unknown" on multiple systems.

:~# /usr/lib/nagios/plugins/check_ntp_time -H 192.168.x.x
NTP CRITICAL: Offset unknown|
:~# /usr/lib/nagios/plugins/check_ntp_time -H 192.168.x.x -v
sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
response from peer 0: offset -0.0001745223999
sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
re-sending request to peer 0
discarding peer 0: stratum=0
overall average offset: 0
NTP CRITICAL: Offset unknown|

I found out that disabling the "kod" option on our internal NTP server helps to get it working again.

But this is only a workaround since check_ntp_time should handle kod correctly.

Thanks,
Christoph

Revision history for this message
Paride Legovini (paride) wrote :

Hi and thanks for taking the time to file this bug. What you describe is pretty strange, as according to the changelog the update from monitoring-plugins 2.2-3ubuntu2 to 2.2-3ubuntu3 only involves a fix on the check_http plugin. The check_ntp_* plugins were not touched.

I think it's worth double checking the problem actually comes from monitoring-plugins. Could you try to downgrade the package, like this:

  apt install monitoring-plugins-basic=2.2-3ubuntu2

and check if the problem goes away?

I can't reproduce the problem with:

  /usr/lib/nagios/plugins/check_ntp_time -H pool.ntp.org -v

but the queried servers are probably not sending KoD packets.

I'm setting the status of this report to Incomplete for the moment. Please change it back to New after commenting back and we'll look at it again. Thanks!

Changed in monitoring-plugins (Ubuntu):
status: New → Incomplete
Revision history for this message
Christoph Mitasch (cmitasch) wrote :

Hello Paride,

thanks for your analysis.

I did a downgrade as proposed and can confirm that the problem goes away then.

We are running our own ntp server on bionic. Maybe you could verify the problem by running your own ntp server. The problem with check_ntp_time also occurs when querying localhost.

The following commented out ntp-server option with "kod" enabled leads to "Offset unknown".
restrict -4 default notrap nomodify nopeer noquery limited
#restrict -4 default kod notrap nomodify nopeer noquery limited

The following post suspects that check_ntp_time is not handling kod correctly.
https://serverfault.com/a/947963

Thanks,
Christoph

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The change in 2.2-3ubuntu3 is this https://github.com/nagios-plugins/nagios-plugins/commit/2b38350d54
Which IMHO should not affect check_ntp_*, but ?!

Given that the update was from Rafael I think we can wait until he is back - maybe he has some magic context knowledge or idea that we are missing.

Tagging update-regression as that is what it seems to be ...

Changed in monitoring-plugins (Ubuntu):
assignee: nobody → Rafael David Tinoco (rafaeldtinoco)
tags: added: regression-update
Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

# compilation

x86_64-linux-gnu-gcc -DLOCALEDIR=\"/usr/share/locale\" -DHAVE_CONFIG_H -I. -I.. -I.. -I../lib -I../gl -I../intl -I/usr/include/ldap -I/usr/include/postgresql -I/usr/include -Wdate-time -D_FORTIFY_SOURCE=2 -DNP_VERSION='"2.2"' -g -O2 -fdebug-prefix-map=/home/rafaeldtinoco/work/sources/ubuntu/monitoring-plugins=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wl,-z,now -MT check_ntp_time.o -MD -MP -MF .deps/check_ntp_time.Tpo -c -o check_ntp_time.o check_ntp_time.c

# linking

libtool --tag=CC --mode=link x86_64-linux-gnu-gcc -DNP_VERSION='"2.2"' -g -O2 -fdebug-prefix-map=/home/rafaeldtinoco/work/sources/ubuntu/monitoring-plugins=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wl,-z,now -Wl,-Bsymbolic-functions -Wl,-z,relro -L. -L/usr/lib -o check_ntp_time check_ntp_time.o libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a -lnsl -lresolv -lm -lpthread -ldl

# static objects linked with check_ntp_time binary:

- libnpcommon.a generation:

x86_64-linux-gnu-ar cru libnpcommon.a utils.o netutils.o sslutils.o runcmd.o popen.o runcmd.o

> changes to: utils.c netutils.c sslutils.c runcmd.c popen.c could change the binary output of check_ntp_time.c. There was no change to those files in last update.

- libmonitoringplug.a generation:

x86_64-linux-gnu-ar cru libmonitoringplug.a utils_base.o utils_disk.o utils_tcp.o utils_cmd.o parse_ini.o extra_opts.o

> changes to utils_base.c utils_disk.c utils_tcp.c utils_cmd.c parse_ini.c extra_opts.c could change binary output of check_ntp_time.c. There was no change to those files in last update.

# with all updates applied, affected source files were:

 modified: plugins-root/Makefile.am
 modified: plugins-root/Makefile.in
 modified: plugins-root/check_dhcp.c
 modified: plugins-root/check_icmp.c
 modified: plugins/check_apt.c
 modified: plugins/check_fping.c
 modified: plugins/check_http.c
 modified: plugins/check_ide_smart.c
 modified: plugins/check_ldap.c
 modified: plugins/check_ntp.c
 modified: plugins/check_ntp_peer.c
 modified: plugins/check_pgsql.c
 modified: plugins/check_radius.c
 modified: plugins/check_real.c
 modified: plugins/check_smtp.c
 modified: plugins/t/check_apt.t
 modified: po/de.po
 modified: po/fr.po
 modified: po/monitoring-plugins.pot

so there is nothing in any quilt patch that could have touched check_ntp_time and changed its behavior.

This is a new bug.

tags: removed: regression-update
Changed in monitoring-plugins (Ubuntu):
assignee: Rafael David Tinoco (rafaeldtinoco) → nobody
Changed in monitoring-plugins (Ubuntu Bionic):
status: New → Incomplete
Changed in monitoring-plugins (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.