Distributed Monitoring Livestatus "already-connected SSLSocket"

Hi

Im having troubles with my distributed monitoring hosts.
First the site was running in our network (routed, different subnet) without any problems.
Now we transfered the server to customer’s site which is connected via VPN.

But with TLS encrypted livestatus i always get the following error:

“Cannot connect to ‘tcp:10.15.20.9:6557’: attempt to connect already-connected SSLSocket!”

image1548×114 14.2 KB

I checked many things already. Ping, Routing, VPN config…

Does anybody have some ideas to check?
Access to the remote check_mk dashboards is working like a charm.

Versions used:
Local site 2.0.0b4 (CRE) on a VM
RemoteSite 2.0.0b3 (CRE) in a docker container

It looks like the same Problem: https://forum.checkmk.com/t/check-mk-deutsch-distributed-monitoring-ssl-fehler/16264
but unfortunatly there was no answer in this topic or to this mail.

Best Regards and thanks in advance!
Yves

Hi,

did you check if there is a livestatus process connected to this port? When you stop the site, you have to look if there is a process hung .

Cheers, Christian

Hi Christian,
Thanks for your reply.
I double checked if the process is connected.
On omd stop there is nothing listening on that port anymore.

To double check the connection i switched livestatus to plain without tls… That way everything is working as expected.
The Certificate is shown and trusted.

Maybe i need to recheck with a clean docker install of check_mk to check if it’s because of my LXC installation…

Hi @Yves ,

got same behavior randomly. Stop site → disable it → enable it → start it, works for me. I think stunnel is the problem. Anyway, lesson learned running checkmk in a docker environment is not the best solution at the moment. I´ll be going back to normal host installation.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact @fayepal if you think this should be re-opened.