[Check_mk (english)] Failed to add certificate to trusted CA certificates for slave site/host in distributed monitoring setup

Hi Rafal,

My solution for this, as hinted by the web.log stating permission was denied to localhost.crt, is that I had to change the permissions on my localhost.crt from 600 to 644, so that users other than the root user can actually read that file.

Regards,

Adam Chesterton

---------- Forwarded message ----------
From: Rafal Bialek <bialy_rb@hotmail.com>
To: "checkmk-en@lists.mathias-kettner.de" <checkmk-en@lists.mathias-kettner.de>
Cc:
Bcc:
Date: Wed, 12 Jul 2017 15:28:30 +0000
Subject: [Check_mk (english)] Failed to add certificate to trusted CA certificates for slave site/host in distributed monitoring setup
Hello,

I’m playing with check_mk version 1.4.0p7 in a Distributed Monitoring setup. My setup is as follows:

    sites.update(
    {'dev': {'alias': u'Local site dev',
             'disable_wato': False,
             'disabled': False,
             'insecure': True,
             'multisiteurl': '',
             'persist': False,
             'replicate_ec': False,
             'replicate_mkps': False,
             'replication': '',
             'status_host': None,
             'timeout': 10,
             'user_login': True,
             'user_sync': 'all'},
     'dev_dc1': {'alias': u'Site for DC1 (Development Environment)',
                 'disable_wato': True,
                 'disabled': False,
                 'insecure': True,
                 'multisiteurl': 'http://hmlb1mon08/dev_dc1/check_mk/',
                 'persist': False,
                 'replicate_ec': True,
                 'replicate_mkps': True,
                 'replication': 'slave',
                 'secret': 'STBLGKH5Y@42UY3UPTKBOIOXNBH51KI<',
                 'socket': 'tcp:hmlb1mon08:6560',
                 'status_host': None,
                 'timeout': 10,
                 'url_prefix': '/dev_dc1/',
                 'user_login': False,
                 'user_sync': 'all'}}
    )

and /etc/httpd/conf.d/check_mk_proxy.conf updated for retrieving PNP4Nagios-data from the master

When activating changes I receive a warning related to the slave host certificate: “ca-certificates: Failed to add certificate ‘/etc/ssl/certs/localhost.crt’ to trusted CA certificates. See web.log for details.”

I didn’t get those warnings in the earlier version 1.2.x. If the certificate for each slave has to be trusted, what is the correct way to configure it, or maybe disable this? My aim is to automate the process of adding a slave as much as possible through Ansible.

Regards,

Rafal Bialek


checkmk-en mailing list

checkmk-en@lists.mathias-kettner.de

http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en
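
A guard that could run before the 600 to 644 change described in the reply above, as an added example that is not part of the original thread or of Check_MK: it widens a file's permissions only when the file holds certificate blocks and no private key. The function names and the constructed sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Check_MK code): only widen a 0600 file to 0644 when it
# holds certificates and no private key.

# pem_kind FILE -> 0 certificate only, 1 contains a private key, 2 no certificate
pem_kind() {
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' -- "$1"; then
        return 1
    fi
    grep -q -e '-----BEGIN CERTIFICATE-----' -- "$1" || return 2
    return 0
}

# others_can_read FILE -> 0 if the "other" read bit is set
others_can_read() {
    # Character 8 of the ls -l mode string is the "other" read bit.
    [ "$(ls -ld -- "$1" | cut -c8)" = "r" ]
}

# publish_cert FILE -> chmod 644 when safe; 1/2 = refused, 3 = missing file
publish_cert() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 3; }
    kind=0
    pem_kind "$f" || kind=$?
    case $kind in
        1) echo "refusing: $f contains a private key" >&2; return 1 ;;
        2) echo "refusing: $f has no certificate block" >&2; return 2 ;;
    esac
    others_can_read "$f" || chmod 644 -- "$f"
}

# Constructed sample files (placeholder bodies, not real key material).
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/localhost.crt"
    cp "$d/localhost.crt" "$d/combined.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' >> "$d/combined.pem"
    chmod 600 "$d/localhost.crt" "$d/combined.pem"
    echo "$d"
}

# With arguments, process those files; with none, only define the functions.
for arg in "$@"; do publish_cert "$arg"; done
```

A file that bundles the key with the certificate is refused and keeps mode 600, so the private key never becomes readable by other users.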

Awesome, thanks Adam. Just realised I was looking at the wrong log :(

Regards,

Rafal Bialek

From: Adam Chesterton
Sent: 12 July 2017 21:58
To: checkmk-en@lists.mathias-kettner.de; bialy_rb@hotmail.com
Subject: Re: Failed to add certificate to trusted CA certificates for slave site/host in distributed monitoring setup

Hi Rafal,

My solution for this, as hinted by the web.log stating permission was denied to localhost.crt, is that I had to change the permissions on my localhost.crt from 600 to 644, so that users other than the root user can actually read that file.

Regards,

Adam Chesterton
