Can confirm the bug in version 2.2.0b3-1
but the workaround mentioned by @jsmyth doesn’ work. I don’t have the file allow-legacy-pull on one of my working systems
I had to rebuild my checkmk instance.
Annoying:
Registered agent:
Status checked. Still connected to the old instance.
cmk-agent-ctl status
WARN [rustls::conn] Sending fatal alert BadCertificate
Version: 2.2.0b2
Agent socket: operational
IP allowlist: any
Connection: watch.sec.httg/hlwatch
UUID: 61e46165-97cd-4fef-b51e-c1cf79e6d785
Local:
Connection mode: pull-agent
Connecting to receiver port: 8000
Certificate issuer: Site 'hlwatch' agent signing CA
Certificate validity: Thu, 20 Apr 2023 08:09:14 +0000 - Thu, 20 Apr 2028 08:09:14 +0000
Connection deleted.
cmk-agent-ctl delete 61e46165-97cd-4fef-b51e-c1cf79e6d785
Deleted pull connection 'watch.sec.httg/hlwatch'
OK [hlsshD ~]# cmk-agent-ctl status
Version: 2.2.0b2
Agent socket: operational
IP allowlist: any
No connections
Port disabled. Why does this happen? Reinstallation does not help.
[hlsshD ~]# telnet 192.168.20.50 6556
Trying 192.168.20.50...
telnet: Unable to connect to remote host: Connection refused
Error [hlsshD ~]# ss -tulpn | grep 6556
Error [hlsshD ~]#
i am not happy about this.
The allow-legacy-pull file enables the “old style unencrypted” transport, while missing “registered_connections.json” should mean no trust relation, no connection.
So to re-enable unencrypted communication you can touch the allow-legacy-pull file. I guess, we should document this.
That worked. Thank you. Yes, you should document this more clearly.
i hope i can stay with checkmk. it seems to consume too many resources for me.
I had the same issue with agent version 2.2.0p22. The fix of @neilyoung worked for me. I just had to reboot the system after I registered it.
TL;DR
use “
cmk-agent-ctl delete-all --enable-insecure-connections -vv
”
Hi, this problem made me scratching my head quite a bit.
Finally I’ve found the solution here: Agent controller: Add option to (re-)enable legacy pull mode
Well, you have to be creative to get it but in the werk says:
“The corresponding flag can be passed as an option to the delete-all subcommand.”
So I’ve triedcmk-agent-ctl delete-all --help
and voilà!
“FLAGS:
–enable-insecure-connections Enable insecure connections (no TLS, agent output will be accessible via TCP”
Kinda tricky to find…