Dynamic Host Configuration cannot load docker-hosts

kash83 · October 2, 2020, 7:47am

Hi,

i’ve got an problem by auto creating my docker-hosts via dynamic host configuration:

09:43:32 ERROR An exception occured
Traceback (most recent call last):
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/connectors/piggyback.py”, line 293, in _execute_phase2
cmk_hosts = self._web_api.get_all_hosts(effective_attributes=True)
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py”, line 172, in get_all_hosts
“effective_attributes”: effective_attributes,
File “/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py”, line 92, in _api_request
raise MKAPIError(“API call failed (URL: %s): %s” % (url, e))
MKAPIError: API call failed (URL: https://monitoring.medianet-freiburg.de/monitor/check_mk/webapi.py?action=get_all_hosts): HTTPSConnectionPool(host='monitoring.medianet-frei

I have installed all CA-Bundle crts on my checkmk in the global-config.
But it didnt work, i dont know whats the problem?!

Thanks for n advice…

Viele Grüße
-kash-

simon-mueller · October 2, 2020, 3:43pm

Hi kash83,

it seems that the most important part of the error message is missing.

When you provide this in your next post, please wrap them in three literal backticks: ``` ← these guys

kash83 · October 5, 2020, 9:31am

Thanks for your advice

Phase 2.2 Fetching existing hosts

Traceback (most recent call last):
  File "/omd/sites/monitor/lib/python/cmk/cee/dcd/connectors/piggyback.py", line 293, in _execute_phase2
    cmk_hosts = self._web_api.get_all_hosts(effective_attributes=True)
  File "/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py", line 172, in get_all_hosts
    "effective_attributes": effective_attributes,
  File "/omd/sites/monitor/lib/python/cmk/cee/dcd/web_api.py", line 92, in _api_request
    raise MKAPIError("API call failed (URL: %s): %s" % (url, e))
MKAPIError: API call failed (URL: https://monitoring.medianet-freiburg.de/monitor/check_mk/webapi.py?action=get_all_hosts): HTTPSConnectionPool(host='monitoring.medianet-freiburg.de', port=443): Max retries exceeded with url: /monitor/check_mk/webapi.py?action=get_all_hosts (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))```

andreas-doehler · October 5, 2020, 10:24am

It looks like a normal certificate problem. What do you see in your CMK global settings for the installed certs as issuer and subjects?

What do you see with a “openssl s_client -connect monitoring.medianet-freiburg.de:443”
Do you see a complete chain or only one certificate?

simon-mueller · October 5, 2020, 7:05pm

Yep, the ssl certificate presented by the API on port 443 is not trusted. You can either disable the verification (not recommended) or get a trusted one (eg. letsencrypt) or import the current one into your trust store.

andreas-doehler · October 5, 2020, 8:13pm

At DCD i don’t see this option. There you need trusted certificates.

kash83 · October 5, 2020, 10:45pm

It works now.

The openssl command from your post worked.
And there i saw that one certificate of the chain is expired.
It was the “User Trust Root Ca.crt”.
I renewed it and now it works - THANKs!