Agent bakery: exception baking agents with TLS

cyrus1683 · June 1, 2022, 8:16am

CMK version:
2.1 Enterprise

OS version:
Ubuntu 20.04

Error message:

Exception: Error running automation call bake-agents (exit code 2), error: 
Error creating agent for GENERIC: Error in bakery plugin "agent_encryption" ("files" section): 'use_regular'

Traceback (most recent call last):
  File "/omd/sites/cb3/lib/python3/cmk/base/cee/bakery/agent_bakery.py", line 327, in _collect_bakelet_objects
    objects += function(**func_args)
  File "/omd/sites/cb3/lib/python3/cmk/base/cee/api/bakery/function_types.py", line 103, in filtered_generator
    for element in function(*args, **kwargs):
  File "/omd/sites/cb3/lib/python3/cmk/base/cee/plugins/bakery/agent_encryption.py", line 29, in get_agent_encryption_files
    conf["passphrase"], conf["use_regular"], conf["use_realtime"]
KeyError: 'use_regular'

This error comes for every Host (Ubuntu 20.04 and Centos 7)

When I deactivate encryption it works. So am I doing something wrong?

Thanks for your help!

Daniel

MarcK · June 10, 2022, 2:02pm

Same here, but on Debian 11.

CMK 2.1p2

andreas-doehler · June 12, 2022, 7:04pm

I checked on my test system (Ubuntu 20.04 / CMK 2.1.0p2) and got no error message at building time.
Is in your system only one encryption rule?
I tested also with one old rule and one rule for TLS and also no error.

paulr282 · June 22, 2022, 8:31am

Wanted to test TLS and got the same problem. Running 2.1.0p2 Enterprise

mcx808 · August 4, 2022, 2:54pm

I’m having the same issue. New user trialling checkMK, 2.1.0p9 Enterprise Free.

Exception: Error running automation call bake-agents (exit code 2), error: 
Error creating agent for GENERIC: Error in bakery plugin "agent_encryption" ("files" section): 'use_regular'

Traceback (most recent call last):
  File "/omd/sites/cmk/lib/python3/cmk/base/cee/bakery/agent_bakery.py", line 328, in _collect_bakelet_objects
    objects += function(**func_args)
  File "/omd/sites/cmk/lib/python3/cmk/base/cee/api/bakery/function_types.py", line 103, in filtered_generator
    for element in function(*args, **kwargs):
  File "/omd/sites/cmk/lib/python3/cmk/base/cee/plugins/bakery/agent_encryption.py", line 29, in get_agent_encryption_files
    conf["passphrase"], conf["use_regular"], conf["use_realtime"]
KeyError: 'use_regular'

dennis.ehmer · August 16, 2022, 8:30am

Apart from Andreas I am also not yet able to reproduce.
Which rules need to be added to a fresh system for this issue to appear?

Manuelraa · September 24, 2022, 8:26am

Edit: Actually this is not really a fix because since “2.1.0” one is supposed to “For this reason, you should disable the built-in encryption promptly after switching to TLS”

I don’t know how to reproduce. But I had the same problem. Since it’s just a private non critical instance I modified the “./etc/check_mk/conf.d/wato/rules.mk” file of my site.

From:

agent_encryption = [
{'id': '21421d83-dc28-446e-a6b0-42be6618ee3c', 'value': {'use_realtime': 'enforce', 'passphrase': 'XXX'}, 'condition': {}, 'options': {'disabled': False}},
] + agent_encryption

To:

agent_encryption = [
{'id': '21421d83-dc28-446e-a6b0-42be6618ee3c', 'value': {'use_regular': 'enforce', 'use_realtime': 'enforce', 'passphrase': 'XXX'}, 'condition': {}, 'options': {'disabled': False}},
] + agent_encryption

Before I tried just recreating the rule from the UI. Tho I didn’t activate after deletion…

Hope this at least helps some people to fix it.

AndiU · May 12, 2023, 2:22pm

Hi!

It took some time, but this should be fixed with Fix "KeyError('use_regular')"

Also, I must admit that choosing among the available agent encryption options in Checkmk 2.1 is a bit cumbersome.
This has been improved with Real-time checks: Simplify encryption setup and Agent Encryption: Simplify configuration for Checkmk 2.2

Cheers
Andi