CEE2.0.0p1 - Registering of Baked Agents fails

Hi,

I have trouble registering my baked agents with the deployment server. I tried it on multiple hosts:

'# cmk-update-agent register
401 Client Error: Unauthorized for url: http:// 192.168.23.100:8081/OMD/check_mk/login.py
See syslog or Logfile at /var/lib/check_mk_agent/cmk-update-agent.log for details.

Content of /var/lib/check_mk_agent/cmk-update-agent.log:

2021-04-02 18:44:25,142 DEBUG: Starting Checkmk Agent Updater v2.0.0
2021-04-02 18:44:25,145 DEBUG: Successfully read /etc/cmk-update-agent.state.
2021-04-02 18:44:25,147 DEBUG: Successfully read /etc/check_mk/cmk-update-agent.cfg.
2021-04-02 18:44:25,151 DEBUG: Starting Registration Mode.
2021-04-02 18:44:25,152 INFO: Going to register agent at deployment server
2021-04-02 18:44:25,203 DEBUG: Authenticating at Checkmk Server (using requests): http:// 192.168.23.100:8081/OMD/check_mk/login.py
2021-04-02 18:44:25,227 DEBUG: Caught Exception:
Traceback (most recent call last):
File “/usr/lib/check_mk_agent/plugins/3600/cmk-update-agent”, line 1786, in main
requested_mode.run()
File “/usr/lib/check_mk_agent/plugins/3600/cmk-update-agent”, line 808, in run
self._run_mode()
File “/usr/lib/check_mk_agent/plugins/3600/cmk-update-agent”, line 926, in _run_mode
self._config.host_secret = self._register_agent()
File “/usr/lib/check_mk_agent/plugins/3600/cmk-update-agent”, line 1033, in _register_agent
auth=True)
File “/usr/lib/check_mk_agent/plugins/3600/cmk-update-agent”, line 325, in fetch_data_from_server
raise pending_exc
File “/usr/lib/check_mk_agent/plugins/3600/cmk-update-agent”, line 318, in fetch_data_from_server
return self._do_request(base_url, site_rel_url, post_args, auth)
File “/usr/lib/check_mk_agent/plugins/3600/cmk-update-agent”, line 333, in _do_request
self._login_site(session, base_url)
File “/usr/lib/check_mk_agent/plugins/3600/cmk-update-agent”, line 366, in _login_site
auth_response.raise_for_status()
File “/usr/lib/python3/dist-packages/requests/models.py”, line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)

requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: http:// 192.168.23.100:8081/OMD/check_mk/login.py
2021-04-02 18:44:25,236 ERROR: 401 Client Error: Unauthorized for url: http:// 192.168.23.100:8081/OMD/check_mk/login.py

Credentials are the one of my admin account, which has all rights to deploy and register agents.

Apache log on my deployment server:

• • • [02/Apr/2021:18:44:25 +0200] “HEAD /OMD/check_mk HTTP/1.1” 302 - “-” “python-requests/2.21.0”
• • • [02/Apr/2021:18:44:25 +0200] “HEAD /OMD/check_mk/ HTTP/1.1” 401 - “-” “python-requests/2.21.0”
• • • [02/Apr/2021:18:44:25 +0200] “POST /OMD/check_mk/login.py HTTP/1.1” 401 381 “-” “python-requests/2.21.0”

When I try it with wget it works with the correct credentials:

'# wget --user iro --password ********* http:// 192.168.23.100:8081/OMD/check_mk/login.py
–2021-04-02 18:49:15-- http:// 192.168.23.100:8081/OMD/check_mk/login.py
Verbindungsaufbau zu 192.168.23.100:8081 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 401 Unauthorized
Authentifizierung ausgewählt: Basic realm=“OMD Monitoring”
Wiederverwendung der bestehenden Verbindung zu 192.168.23.100:8081.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 302 FOUND
Platz: index.py [folgend]
–2021-04-02 18:49:15-- http:// 192.168.23.100:8081/OMD/check_mk/index.py
Wiederverwendung der bestehenden Verbindung zu 192.168.23.100:8081.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 200 OK
Länge: 87385 (85K) [text/html]
Wird in »login.py« gespeichert.

login.py 100%[==================================================================================================>] 85,34K --.-KB/s in 0,03s

2021-04-02 18:49:15 (2,90 MB/s) - »login.py« gespeichert [87385/87385]

Fails with the wrong credentials:

'# wget --user iro --password ********* http:// 192.168.23.100:8081/OMD/check_mk/login.py
–2021-04-02 18:50:07-- http:// 192.168.23.100:8081/OMD/check_mk/login.py
Verbindungsaufbau zu 192.168.23.100:8081 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 401 Unauthorized
Authentifizierung ausgewählt: Basic realm=“OMD Monitoring”
Wiederverwendung der bestehenden Verbindung zu 192.168.23.100:8081.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 401 Unauthorized

Authentifizierung mit Benutzername/Passwort fehlgeschlagen.

Has anyone faced the same issue and found a solution?

Cheers iro

Have you enabled HTTP basic auth on the webserver? It normally does not return a 401 on the checkmk web application or API.

I don’t think that the agent updater can handle HTTP basic auth.

Not that I am aware of. It uses the internal apache which comes with CMK. I also tried a reverse proxy via port 80, but same result.

My bad. Yes I use basic auth (local user) as I dont have a LDAP server running.

So does this mean there is no chance at all that the agents first authenticates and then checks for the new agent?

Cheers iro

For local checkmk accounts you do not need to enable basic auth in the webserver.

This is usually done for uncommon external auth backends like databases or Kerberos.

Thanks r.sander!

Took me a while to find the correct file. Maybe this helps someone else in the future. I removed the AUTH lines within /opt/omd/sites/[SITE_NAME]/etc/apache/conf.d/auth.conf

I’m not sure if added the lines myself years ago, or if it was a setting which came with OMD RAW 1.2x (the version I started with).

Nevertheless, thanks for the hints, the agent update is working fine now!

Cheers iro

omd diff is the tool to find altered config files like these.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact @fayepal if you think this should be re-opened.