[Check_mk (english)] multisite auth.secret

Stephen Berg (Contractor) stephen.berg.ctr at nrlssc.navy.mil
Tue Jul 12 16:15:36 CEST 2016


I've gone through and checked what the modproxy instructions say and 
still getting an error on the hover popups.

I'm pretty sure I got all the distributed monitoring set up as it should 
be.  Everything else seems to be working at least.

Sockets are set to:
tcp:site1:6558
tcp:site2:6558

URL prefix:
http://server1/site1/
http://server2/site2/

Multisite URL of remote site:
http://server1/site1/check_mk/
http://server2/site2/check_mk/

In /etc/httpd/conf.d/multisite_proxy.conf:
<Location /site1>
         RewriteEngine On
         RewriteRule ^/.+/site1/(.*) http://server1/site1/$1 [P]
</Location>
<Location /site2>
         RewriteEngine On
         RewriteRule ^/.+/site2/(.*) http://server2/site2/$1 [P]
</Location>

Both sites and the main server have the same 
/opt/omd/sites/<site>/etc/auth.secret and auth.serials

A filtered list of LDAP users are being pulled from our FreeIPA servers, 
authentication works using that with no issues.  Well one small issue, 
if I start firefox, pull up the main site and login, then try to go to 
the services view for a system on one of the slave servers I have to 
login there also, after that the login is remembered.  I think that's 
the way it normally works but if I can avoid the additional logins to 
slave systems that would be nice. If I could get check_mk to use a 
kerberos TGT for login that would really nice.

I've checked the AuthName in /etc/httpd/conf.d/auth.conf and all three 
systems are the same.

This is the two log entries I see in the slave server apache log when I 
hover over the graph icon from the master site web UI:
<My IP> - - [12/Jul/2016:09:10:02 -0500] "GET 
/sit2/pnp4nagios/index.php/popup?host=host1&srv=_HOST_ HTTP/1.1" 302 - 
"http://master/mainsite/check_mk/view.py?view_name=allhosts" 
"Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:47.0) Gecko/20100101 
Firefox/47.0"

<My IP> - - [12/Jul/2016:09:10:02 -0500] "GET 
/site2/check_mk/login.py?_origtarget=/site2/pnp4nagios/index.php/popup?host=host1&srv=_HOST_ 
HTTP/1.1" 200 2202 
"http://master/mainsite/check_mk/view.py?view_name=allhosts" 
"Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:47.0) Gecko/20100101 
Firefox/47.0"

I'm probably missing one little step in the setup but I'm having a heck 
of a time finding that one step.

On 07/11/2016 11:46 AM, Paul Bongers wrote:
> Hi Stephen,
>
>
> If you want to have the PNP graphs working in a distributed setup, you
> need to set up mod_proxy on your master site to connect to your remote
> sites.
>
> This is also on the website:
> http://mathias-kettner.com/checkmk_multisite_modproxy.html
>
>
> HTH,
>
>
> Paul
>
>
> On 11/07/16 17:47, Stephen Berg (Contractor) wrote:
>> I've had a Nagios then check_mk then omd setup for a few years now.
>> Trying to further migrate to using WATO and the distributed monitoring
>> on one master and seven slave setups. I've run into a glitch that I
>> guess I just haven't wrapped my brain around the correct sequence of
>> steps yet.
>>
>> Master is setup, two slave set up so far, everything seems to be
>> working except the pnp4nagios hover popups for graphs when I view a
>> host that is monitored on one of the slaves.  If I click on the graph
>> icon I see the graphs for that service.
>>
>> Is this something to do with the auth.secret file?  I can't seem to
>> find documentation on what I should be doing with that file on the
>> master or slave servers.
>>
>>
> _______________________________________________
> checkmk-en mailing list
> checkmk-en at lists.mathias-kettner.de
> http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en
>


-- 
Stephen Berg
Systems Administrator
NRL Code: 7320
Office: 228-688-5738
stephen.berg.ctr at nrlssc.navy.mil



More information about the checkmk-en mailing list