kash83
(Björn)
October 2, 2020, 7:47am
1
Hi,
i’ve got an problem by auto creating my docker-hosts via dynamic host configuration:
09:43:32 ERROR An exception occured
Traceback (most recent call last):
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/connectors/piggyback.py”, line 293, in _execute_phase2
cmk_hosts = self._web_api.get_all_hosts(effective_attributes=True)
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py”, line 172, in get_all_hosts
“effective_attributes”: effective_attributes,
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py”, line 92, in _api_request
raise MKAPIError(“API call failed (URL: %s): %s” % (url, e))
MKAPIError: API call failed (URL: https://monitoring.medianet-freiburg.de/monitor/check_mk/webapi.py?action=get_all_hosts ): HTTPSConnectionPool(host='monitoring.medianet-frei
I have installed all CA-Bundle crts on my checkmk in the global-config.
But it didnt work, i dont know whats the problem?!
Thanks for n advice…
Viele Grüße
-kash-
Hi kash83,
it seems that the most important part of the error message is missing.
When you provide this in your next post, please wrap them in three literal backticks: ```
← these guys
kash83
(Björn)
October 5, 2020, 9:31am
3
Thanks for your advice
Phase 2.2 Fetching existing hosts
Traceback (most recent call last):
File "/omd/sites/monitor/lib/python/cmk/cee/dcd/connectors/piggyback.py", line 293, in _execute_phase2
cmk_hosts = self._web_api.get_all_hosts(effective_attributes=True)
File "/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py", line 172, in get_all_hosts
"effective_attributes": effective_attributes,
File "/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py", line 92, in _api_request
raise MKAPIError("API call failed (URL: %s): %s" % (url, e))
MKAPIError: API call failed (URL: https://monitoring.medianet-freiburg.de/monitor/check_mk/webapi.py?action=get_all_hosts): HTTPSConnectionPool(host='monitoring.medianet-freiburg.de', port=443): Max retries exceeded with url: /monitor/check_mk/webapi.py?action=get_all_hosts (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))```
It looks like a normal certificate problem. What do you see in your CMK global settings for the installed certs as issuer and subjects?
What do you see with a “openssl s_client -connect monitoring.medianet-freiburg.de:443 ”
Do you see a complete chain or only one certificate?
Yep, the ssl certificate presented by the API on port 443 is not trusted. You can either disable the verification (not recommended) or get a trusted one (eg. letsencrypt) or import the current one into your trust store.
At DCD i don’t see this option. There you need trusted certificates.
kash83
(Björn)
October 5, 2020, 10:45pm
7
It works now.
The openssl command from your post worked.
And there i saw that one certificate of the chain is expired.
It was the “User Trust Root Ca.crt”.
I renewed it and now it works - THANKs!
system
(system)
Closed
October 5, 2021, 10:45pm
8
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.