[ US $75 per hour ] Update/fix NRPE package

Briantist

There are currently several problems with the NRPE package.

Critical Issues:

The package requires additional dependencies that must be installed from the command line with pkg_add (installing libiconv and texinfo seems to do the trick)
It appears as though changes made in the GUI must be saved twice before they are written out to the /usr/local/etc/nrpe.cfg file. After one save, the GUI saves the changes, but the cfg file never receives them. After a second save the changes are written out.
Several issues regarding stopping/starting the service. Whether the service starts or stops seems to be a total crapshoot. It seems independent of the "enabled" setting, and at times I haven't been able to get it to start from the GUI at all, requiring it to be manually started from the command line (when this is done, it can't be stopped in the GUI).

Important but non-critical issues:

SSL is not used there is no option to turn it on. To my knowledge NRPE runs with SSL by default and a command line option (-n) is given to turn it off. Is there a reason why it's disabled, and why a simple check box can't be added to make this an option?

Other:

Changing the GUI to have a list box for allowed hosts would be nice. Being able to give subnets and/or ranges in addition to individual IPs would be great, but I realize it may add complexity, since it seems that the comma-separated list is how the config file needs it listed, so a subnet or range would have to be expanded out.

All critical issues must be solved to complete the bounty. At this time, the "Important" issue must also be solved, but I may take that off the table if there are additional complexity issues that I'm unaware of; would like some feedback on the feasibility of that. This should be available for 1.2.3.

The changes in "Other" would be great to have, but aren't strictly necessary. If they are possible but require additional funds, let me know and if I can get approval for it, I will.

PMs are fine but e-mail contact would be better. BrianS {at] bri-tech (d0t> com

Thanks!

Briantist

It's been a month and no responses, so I've upped this to $100. If someone is at all interested, please let me know even if the money isn't enough. If you want to do it but need more, please tell me and I will see what I can do. Thanks!

Briantist

Based on feedback in another thread, I've changed the bounty. I'm offering $75 USD per hour, but would like a reasonable estimate before any work starts. If there isn't enough information to create an estimate please let me know, and I will do whatever I can to provide it.

Eugene

Bounty is completed in terms of solving all critical issues and making nrpe deamon work in SSL mode. We need somebody to implement patches into pfSense packages repository. Thanks.

Briantist

@Eugene:

Bounty is completed in terms of solving all critical issues and making nrpe deamon work in SSL mode. We need somebody to implement patches into pfSense packages repository. Thanks.

Eugene has done a great job with the changes, which I tested by loading the package from his repo. All we need now is for a developer to put the changes into the official repository.

jimp

@Eugene:

Bounty is completed in terms of solving all critical issues and making nrpe deamon work in SSL mode. We need somebody to implement patches into pfSense packages repository. Thanks.

Do you have a patch set or a set of files with the needed changes?

Eugene

@jimp:

@Eugene:

Bounty is completed in terms of solving all critical issues and making nrpe deamon work in SSL mode. We need somebody to implement patches into pfSense packages repository. Thanks.

Do you have a patch set or a set of files with the needed changes?

Yes, I've requested merge here https://rcs.pfsense.org/projects/pfsense-packages/repos/Eugene-clone
Plus I had to recompile nrpe-2.12_1.tbz to support SSL.

jimp

If one of the other maintainers can't get to this I can commit it later this evening after I finish up another project.

I can also upload that binary to files.pfsense.org where it needs to go, just get me a URL to download your copy of nrpe-2.12_1.tbz.

esoteric

Eugene, thanks for the work.

I hadn't been watching the forums, thats my bad.

I had just recently been notified about the config save issue and was working on that.

I'll review your changes and merge providing I don't find any inconsistencies.

Thanks for the hard work!

-Erik

esoteric

We need the tbz files … can you please email me the ones you have or email them to me ...

Thanks ...

Eugene

@esoteric:

We need the tbz files … can you please email me the ones you have or email them to me ...

Thanks ...

Hi Erik!
I do not know your e-mail, you can pick up all files at http://38.99.140.197/packages
Thank you!

esoteric

Sorry I guess I should have posted my email in my post … oh well.

Jim grabbed them and pushed them up to the server.

I merged your changes after testing into mainline. Thanks for the fixes.

-Erik

Eugene

Thank you guys! Just tested - everything works properly. Great job!
Erik, thanks for the package.

esoteric

No problem. Thanks for the fixes.

Briantist

This is excellent news! From my test machine, all seems to be working properly. I'm still having a problem with a machine that had the older NRPE package installed though. The package manager doesn't see this as a new version of the package, so even if I reinstall the package, or uninstall and reinstall it, it doesn't seem to be updating anything to the new versions. Is there some way I can manually rip out the package so that when I install it again it will download everything fresh? Or better yet, will simply changing the version number in the repo allow anyone with an existing NRPE installation to "upgrade" to this new version?

Eugene

I do not think 'version' trick will work.
All you need to do is:

Uninstall package via WEB-interface System->Packages->Installed Packages.
From console

pkg_delete nrpe-2.12_1
pkg_delete

Install nrpe via WEB-interface.

CAUTION:config file will be gone.

Briantist

That worked perfectly. I consider the bounty completed for my purposes. Since extra steps are needed to replace the package, I think those steps should be posted somewhere, maybe in the packages subforum? You can contact me via e-mail for payment arrangements; just send me your PayPal e-mail address unless you would like to make other arrangements. Thanks again; great work.

Eugene - let me know as soon as you get paid and I'll send this to the completed bounties section. Great job for everyone involved! Thanks for showing that the bounty process still does work.

Eugene

Paid. Thanks -)