Question about users.mk and contacts.mk

I have a Checkmk instance on 1.5.0p12 in which the users have been set up using both LDAP and htpasswd. Now, I have set up another site on 1.5.0p24, where the LDAP connection has been set up and I have restricted the filter to one particular department in my company, because I don’t want all users here, but the remaining htpasswd-based users can log in.

Question:

  1. How to copy the files? In which order?
    In 1.5.0p12,
    users.mk is under: $OMD_ROOT/etc/check_mk/multisite.d/wato/users.mk
    and the contacts.mk under: $OMD_ROOT/etc/check_mk/conf.d/wato/contacts.mk

I copied both these files from the existing instance (1.5.0p12) to my new instance (i.e. 1.5.0p24) and then enabled LDAP with the restricted filter. The users get created, but under WATO >> Users, I see “UNKNOWN (default) (disabled)” in the connection column against all the LDAP users. All the technical users with connection type htpasswd look good.

Any pointers?

Hi @marco,

How did you define your syncing in the multisite configuration? There are also options to sync users and LDAP connections to slave sites. Or do you mean your two sites are totally standalone?

These are two standalone instances. I have fixed it like this on 1.5.0p24:

  1. Configured the LDAP connection with the restricted filter and synced the users. This way I got the LDAP users which will be added to the monitoring.
  2. Now, copied the following files in the below order from 1.5.0p12 to 1.5.0p24:
    $OMD_ROOT/etc/check_mk/multisite.d/wato/roles.mk
    $OMD_ROOT/etc/check_mk/multisite.d/wato/users.mk
    $OMD_ROOT/etc/check_mk/conf.d/wato/contacts.mk
    $OMD_ROOT/etc/check_mk/conf.d/wato/groups.mk

In users.mk and contacts.mk, I removed the unwanted users, and this way it works for me. So far, I have done some basic checks and it looks good. However, I am not sure if this is the right way to solve this.

The site on 1.5.0p24 will be set up in a multisite configuration wherein it will push the configuration to slave sites. So, I think the restricted LDAP users will also be available on the slave, because I want the WATO config to be pushed from the master to the slave.
In addition to this, I want to add an old standalone Checkmk instance, i.e. 1.2.8, in the multisite view. Everyone in the company can log in to this instance. When I add the 1.2.8 instance in the multisite configuration (just as a view-only site), will these restricted users be synced there as well, or shouldn’t I do that since it’s a site with an older version?

I guess it could have some side effects to connect such an old installation to a multisite configuration. I never tested it, especially the user, configuration and LDAP sync. In theory you can disable all syncs from the new master to your read-only old instance and you should be fine.

Is this going to be enough? This is the screenshot from 1.5.0p24.

In the first screenshot, it should be normal entering the hostname and port.

In the 2nd screenshot, of course I have to enter the URL and leave everything as shown here.

Looks good. Maybe you should do a backup of your slave site first, so if something goes wrong you can restore it. Backing up the configuration (without logs and performance data: omd backup <site> --no-past) should be suitable for this.

And it works. BTW, the backup command didn’t work. Looks like the --no-past option doesn’t work with OMD 1.2.8. So, I manually created a backup of /omd/sites/<site_name>/etc/*
and then /omd/sites/<site_name>/var/check_mk/web/*
