Dynamic Host Configuration cannot load docker-hosts

Hi,

i’ve got an problem by auto creating my docker-hosts via dynamic host configuration:

09:43:32 ERROR An exception occured
Traceback (most recent call last):
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/connectors/piggyback.py”, line 293, in _execute_phase2
cmk_hosts = self._web_api.get_all_hosts(effective_attributes=True)
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py”, line 172, in get_all_hosts
“effective_attributes”: effective_attributes,
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py”, line 92, in _api_request
raise MKAPIError(“API call failed (URL: %s): %s” % (url, e))
MKAPIError: API call failed (URL: https://monitoring.medianet-freiburg.de/monitor/check_mk/webapi.py?action=get_all_hosts): HTTPSConnectionPool(host='monitoring.medianet-frei

I have installed all CA-Bundle crts on my checkmk in the global-config.
But it didnt work, i dont know whats the problem?!

Thanks for n advice…

Viele Grüße
-kash-

Hi kash83,

it seems that the most important part of the error message is missing. :frowning:

When you provide this in your next post, please wrap them in three literal backticks: ``` ← these guys

Thanks for your advice :wink:

Phase 2.2 Fetching existing hosts

Traceback (most recent call last):
  File "/omd/sites/monitor/lib/python/cmk/cee/dcd/connectors/piggyback.py", line 293, in _execute_phase2
    cmk_hosts = self._web_api.get_all_hosts(effective_attributes=True)
  File "/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py", line 172, in get_all_hosts
    "effective_attributes": effective_attributes,
  File "/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py", line 92, in _api_request
    raise MKAPIError("API call failed (URL: %s): %s" % (url, e))
MKAPIError: API call failed (URL: https://monitoring.medianet-freiburg.de/monitor/check_mk/webapi.py?action=get_all_hosts): HTTPSConnectionPool(host='monitoring.medianet-freiburg.de', port=443): Max retries exceeded with url: /monitor/check_mk/webapi.py?action=get_all_hosts (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))```

It looks like a normal certificate problem. What do you see in your CMK global settings for the installed certs as issuer and subjects?

What do you see with a “openssl s_client -connect monitoring.medianet-freiburg.de:443
Do you see a complete chain or only one certificate?

Yep, the ssl certificate presented by the API on port 443 is not trusted. You can either disable the verification (not recommended) or get a trusted one (eg. letsencrypt) or import the current one into your trust store.

At DCD i don’t see this option. There you need trusted certificates.

It works now.

The openssl command from your post worked.
And there i saw that one certificate of the chain is expired.
It was the “User Trust Root Ca.crt”.
I renewed it and now it works - THANKs!