MacOS – Why is the launchctl program not accepting external connections

launchd, macos

I am trying to set up the Check_MK agent with launchd on a Mac server, to return data over port 6556 when another machine connects to it.

(The agent itself is essentially just a shell script that outputs various information about the machine's status in a vaguely machine-readable format.)

I am able to connect to it from the machine itself, e.g. with curl localhost:6556, but if I try to connect externally, it just times out.

I have a .plist file set up like the one at de.mathias-kettner.check_mk.plist, stored in /Library/LaunchDaemon:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>EnvironmentVariables</key>
        <dict>
                <key>HOME</key>
                <string>/var/root</string>
                <key>PATH</key>
                <string>/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin</string>
        </dict>
        <key>Label</key>
        <string>de.mathias-kettner.check_mk</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/bin/check_mk_agent</string>
        </array>
        <key>Sockets</key>
        <dict>
                <key>Listeners</key>
                <dict>
                        <key>SockServiceName</key>
                        <string>6556</string>
                </dict>
        </dict>
        <key>inetdCompatibility</key>
        <dict>
                <key>Wait</key>
                <false/>
        </dict>
        <key>AbandonProcessGroup</key>
        <true/>
        <key>StandardErrorPath</key>
        <string>/var/log/check_mk.err</string>
        <key>WorkingDirectory</key>
        <string>/var/root</string>
</dict>
</plist>

(The only difference is that the check_mk_agent is in /usr/local/bin instead of /usr/bin, because I couldn't create the file there.)

The check_mk_agent file itself can be found at: check_mk_agent.macosx

The strange thing is, if I point the .plist file to something like /bin/date, then it works externally as well.

The only thing I can conclude is that the task runs with different permissions depending on the IP or interface the connection comes from, but I don't know how to change the permissions it tries to run with.

Best Answer

Why are you not using ssh to request the data from the agent on the Mac? https://mathias-kettner.de/checkmk_datasource_programs.html You do not need launchd.

Regards, Oliver
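To see what the launchd job in the question exposes on the network, the following added example (not part of the original question or answer) parses a trimmed copy of that plist and reports the bind address, port, effective user and spawn model. The function name `audit_job` and the report layout are hypothetical, and the "root" default assumes the file is loaded as a LaunchDaemon, as the question states.

```python
import plistlib

# Job definition from the question, trimmed to the keys this audit reads.
PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>de.mathias-kettner.check_mk</string>
  <key>ProgramArguments</key>
  <array><string>/usr/local/bin/check_mk_agent</string></array>
  <key>Sockets</key>
  <dict><key>Listeners</key>
    <dict><key>SockServiceName</key><string>6556</string></dict>
  </dict>
  <key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
</dict>
</plist>"""


def audit_job(raw: bytes) -> dict:
    """Summarise what a launchd socket job exposes and who it runs as."""
    job = plistlib.loads(raw)
    report = {
        "label": job.get("Label"),
        "program": (job.get("ProgramArguments") or [job.get("Program")])[0],
        # Assumption: loaded as a LaunchDaemon, which runs as root
        # unless a UserName key is present.
        "user": job.get("UserName", "root"),
        # inetdCompatibility with Wait=false: launchd accepts each connection
        # and starts one process per client, with the socket on stdin/stdout.
        "per_connection": job.get("inetdCompatibility", {}).get("Wait") is False,
        "listeners": [],
        "findings": [],
    }
    for name, spec in job.get("Sockets", {}).items():
        # A socket entry may be a single dict or an array of dicts.
        for sock in spec if isinstance(spec, list) else [spec]:
            bind = sock.get("SockNodeName", "*")  # key absent: all interfaces
            port = sock.get("SockServiceName")
            report["listeners"].append((name, bind, port))
            if bind == "*":
                report["findings"].append(
                    f"{name}: port {port} bound on every interface; "
                    "set SockNodeName to restrict it")
    if report["user"] == "root" and report["listeners"]:
        report["findings"].append("network-reachable job runs as root (no UserName key)")
    return report


if __name__ == "__main__":
    for key, value in audit_job(PLIST).items():
        print(f"{key}: {value}")
```

On the Mac itself, the same function can be pointed at the installed file by reading it in binary mode and passing the bytes to `audit_job`.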