Starting with Robotmk

I am trying to dip my toes into Robotmk… So far I have

  • set up a Windows server
  • deployed the Robotmk scheduler via the appropriate rule
  • configured a proxy in that rule

I then try to initialize the runtime environment:

C:\ProgramData\checkmk\agent\bin\rcc.exe config import -f C:\robotmk\rcc_home\current_user\profile_robotmk.yaml

C:\ProgramData\checkmk\agent\bin\rcc.exe task shell

The second command starts to fetch stuff via the proxy, but then fails with

info     libmamba Download error (35) SSL connect error [https://conda.anaconda.org/conda-forge/noarch/repodata.json.zst]
    schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.

This request should probably go to a Let’s Encrypt server, for which I don’t see an attempt in the proxy logs. On the other hand

openssl s_client -servername conda.anaconda.org -connect conda.anaconda.org:443 -crl_check

...
Verify return code: 3 (unable to get certificate CRL)

I am not so sure there is even a CRL to fetch at all. What am I missing here?

Hi Jörn,

What does your RCC profile config look like?
Regards, Simon

Straight out of the rule:

description: Robotmk RCC profile
settings:
  certificates:
    verify-ssl: false
    ssl-no-revoke: false
    legacy-renegotiation-allowed: false
  network:
    no-proxy: localhost,127.0.0.1
    https-proxy: http://proxy.xxx:3128
    http-proxy: http://proxy.xxx:3128
  meta:
    name: Robotmk
    description: Robotmk RCC profile
    source: Robotmk
    version: ""

Looking at these values, I just tried

ssl-no-revoke: true

(double negations are always fun…), but the build still fails.

Unless reloading the profile is more complicated than simply repeating

C:\ProgramData\checkmk\agent\bin\rcc.exe config import -f C:\robotmk\rcc_home\current_user\profile_robotmk.yaml

@joernc, can you please DM me

  • conda.yaml
  • robot.yaml
  • the profile YAML

I will test this on another machine behind a proxy server.
Regards, Simon