Hi !
When I configure the notif spool on a remote site I can enable authentication
But what authentication is used ?
If I enable the inline help the auth is done using the certificate, but when I select this option it fails
Although my site is connected and the ssl uses trusted certs
Hi @philippe
here is the Werk for this feature with a bit more context.
Previously mknotifyd did not authenticate peers. With this Werk mknotifyd can be configured to require TLS client certificate authentication. This is only available if encryption for mknotifyd is configured. In order to verify the peers correctly the corresponding site CAs must be trusted. This is usually the case if you enabled the configuration sync and enabled the encryption of livestatus. If you have another setup make sure both all Site CAs are trusted on each site.
Regards
Norm
2023-09-15 11:29:22,294 [20] [cmk.mknotifyd.outgoing(10.3.1.137:8006)] Establishing upgradable connection
2023-09-15 11:29:22,295 [40] [cmk.mknotifyd.outgoing(10.3.1.137:8006)] Error: cannot create TCP channel:
Traceback (most recent call last):
File "/omd/sites/master/lib/python3/cmk/cee/mknotifyd/connection.py", line 564, in connect_outgoing
self._establish_outgoing_connection()
File "/omd/sites/master/lib/python3/cmk/cee/mknotifyd/connection.py", line 597, in _establish_outgoing_connection
self.socket.connect(str(self._paths.tmp_dir / f"{ipaddress}:{port}"))
FileNotFoundError: [Errno 2] No such file or directory
<snip>
2023-09-15 11:31:50,948 [20] [cmk.mknotifyd.outgoing(10.3.1.137:8006)] Establishing upgradable connection
2023-09-15 11:31:50,995 [20] [cmk.mknotifyd.outgoing(10.3.1.137:8006)] Falling back to unencrypted connection
2023-09-15 11:31:50,995 [20] [cmk.mknotifyd.outgoing(10.3.1.137:8006)] Connection in progress
2023-09-15 11:31:50,996 [20] [cmk.mknotifyd.outgoing(10.3.1.137:8006)] Successfully connected
2023-09-15 11:31:51,011 [30] [cmk.mknotifyd.outgoing(10.3.1.137:8006)] Remote site closed connection.