BUG: Bake and sign agents does NOT sign agents

After creating new agents with “Bake & sign agents” all new agents report back as unsigned.
But creating new agents with “Bake agents” and then “Sign agents” works.

Version: CMK Enterprise 2.0.0p21

Does this happen every time, or did it only happen once?

As far as I tested it, every time.

Never heard of that behavior. You should check the logs or open a ticket.

Any ideas which logs to look at?
I could not find anything about agent baking in the “usual suspects”.

The only problem with “bake & sign” i had until now was that sometimes not all agent are get signed.
That’s why sometimes I make a “bake & sign” and after it completes a single “sign agent” to be save that all agents get a valid signature. I had no system like that from @msommer that no agent got signed.

As far as I know, when doing a bake(&sign) only agents that really need a re-bake (because of config/version changes) are actually re-baked and the others stay untouched.
So maybe in fact it does not work for you too, and “not all agents were signed” actually means none of the really “re-baked” agents were signed?

I can second Andreas’ observation. And I would say @msommer that even for actions where all agents are rebaked (i.e. after an update of checkmk) it only affects some agents, not all. I haven’t really seen a pattern yet, some instances are never affected, others more regularly, but no instance is affected at every baking process.

1 Like

For me it’s exactly the same thing. Sometimes it’s one or 2 agents and sometimes it’s like 5. Never really had more than that. We have ~150 baked agents in total.

1 Like

As at least some of you have a support contract, I suggest opening a ticket, so we can take a look at logs and so on together, rather than poking the haystack. :slight_smile:
You may request my name in the ticket.

Hi Robin,
I would open a ticket if this was reproducible… but I’ve seen it happen at customers once in a while, and then not for multiple weeks… plus the workaround is simply too simple for any single customer to be willing to invest time into troubleshooting this.

Absolutely understandable, no worries.
I have not seen this myself yet, hence the query to investigate more in depth.
But maybe someone else comes across this and is able to invest time into troubleshooting this.