Nagvis: no login after update to 2.2.0

Troubleshooting
, ,
1

We upgraded our CheckMK site from 2.1.0p20 to 2.1.0p36 to 2.2.0p14 .

Now, the Nagvis snap-in states “LogonMultisite: Not authenticated.”
Moreover, the kiosk system is not able to access https://server.tld/site-name/nagvis/. If I access nagvis directly, I get a browser error with too many redirections. (Nagvis says: not logged in, go to checkmk, checkmk says: you are logged in, Nagvis says: not logged in)

It seems to be that the authentication between checkmk and Nagvis is not working properly.

Server: Ubuntu 22.04
checkmk: 2.2.0p14

Any ideas to troubleshoot that?

2

I created a vanilla site and followed the same upgrade path. Nagvis works as expected.

I compared the config file (nagvis.ini.php) and commented out the following lines:

;logonmodule="LogonMultisite"
;    logon_multisite_htpasswd="/omd/sites/site-name/etc/htpasswd"
;    logon_multisite_serials="/omd/sites/site-name/etc/auth.serials"
;    logon_multisite_secret="/omd/sites/site-name/etc/auth.secret"
;    logon_multisite_createuser="1"
;    logon_multisite_createrole="Guests"

The redirects disappeared. The snap-in states “You are not authenticated”. If I try to login at the nagvis page, I get “Error: Authentication failed.”

The nagvis config looks like this:

sudo egrep -v "^;" /omd/sites/site-name/etc/nagvis/nagvis.ini.php
[global]

[paths]

[defaults]

zoombar=1
[index]

showrotations=0
[automap]

[wui]

[worker]

[backend_live_1]
backendtype="mklivestatus"

[backend_ndomy_1]
backendtype="ndomy"

[states]

So, nothing special. Where could be the misconfiguration of Nagvis?

3

It might be somehow unsatisfying, but the workaround was this for me:

Taking a working vanilla site (named TEMP), copying the nagvis /etc folder over the target site and renaming TEMP to the target’s site name.

# cp -r /omd/sites/TEMP/etc/nagvis/* /omd/sites/site-name/etc/nagvis/
# find ./ -type f -exec sed -i 's/TEMP/site-name/' {} \;
# grep -ir "TEMP" .   <--- should not output something
# omd restart site-name

I compared several files with its content before, but was not able to find the misconfiguration. Must be some legacy, since this site was updated years over years from 1.x to now.