[Check_mk (english)] multisite auth.secret

Stephen Berg (Contractor) stephen.berg.ctr at nrlssc.navy.mil
Wed Jul 13 18:30:22 CEST 2016


This is still not working for me.  I can get to performance graphs, but 
the hover popups still fail.

Interestingly all this is working on my older sites on the same 
servers.  They are not using WATO and moving to a WATO setup is the goal 
here.

I tried removing the master site and both slave sites and rebuilding 
from scratch.

Created master site, set a few parameters, set up a few folders to 
eventually organize my hosts.  Changed the omdadmin password, configured 
LDAP to pull in a half a dozen accounts, just the IT shop folks.

Created a slave site (one on each remote server) and added it to the 
master's distributed setup.  Create a couple hosts so the master server 
can monitor the slave servers.  Then created a couple hosts using the 
master web UI and they got replicated out to the slave server as expected.

Is there a checklist or something that I can run through to try to find 
what I'm missing to get this working?

On 07/12/2016 09:15 AM, Stephen Berg (Contractor) wrote:
> I've gone through and checked what the modproxy instructions say and 
> still getting an error on the hover popups.
>
> I'm pretty sure I got all the distributed monitoring set up as it 
> should be.  Everything else seems to be working at least.
>
> Sockets are set to:
> tcp:site1:6558
> tcp:site2:6558
>
> URL prefix:
> http://server1/site1/
> http://server2/site2/
>
> Multisite URL of remote site:
> http://server1/site1/check_mk/
> http://server2/site2/check_mk/
>
> In /etc/httpd/conf.d/multisite_proxy.conf:
> <Location /site1>
>         RewriteEngine On
>         RewriteRule ^/.+/site1/(.*) http://server1/site1/$1 [P]
> </Location>
> <Location /site2>
>         RewriteEngine On
>         RewriteRule ^/.+/site2/(.*) http://server2/site2/$1 [P]
> </Location>
>
> Both sites and the main server have the same 
> /opt/omd/sites/<site>/etc/auth.secret and auth.serials
>
> A filtered list of LDAP users are being pulled from our FreeIPA 
> servers, authentication works using that with no issues.  Well one 
> small issue, if I start firefox, pull up the main site and login, then 
> try to go to the services view for a system on one of the slave 
> servers I have to login there also, after that the login is 
> remembered.  I think that's the way it normally works but if I can 
> avoid the additional logins to slave systems that would be nice. If I 
> could get check_mk to use a kerberos TGT for login that would really 
> nice.
>
> I've checked the AuthName in /etc/httpd/conf.d/auth.conf and all three 
> systems are the same.
>
> This is the two log entries I see in the slave server apache log when 
> I hover over the graph icon from the master site web UI:
> <My IP> - - [12/Jul/2016:09:10:02 -0500] "GET 
> /sit2/pnp4nagios/index.php/popup?host=host1&srv=_HOST_ HTTP/1.1" 302 - 
> "http://master/mainsite/check_mk/view.py?view_name=allhosts" 
> "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:47.0) Gecko/20100101 
> Firefox/47.0"
>
> <My IP> - - [12/Jul/2016:09:10:02 -0500] "GET 
> /site2/check_mk/login.py?_origtarget=/site2/pnp4nagios/index.php/popup?host=host1&srv=_HOST_ 
> HTTP/1.1" 200 2202 
> "http://master/mainsite/check_mk/view.py?view_name=allhosts" 
> "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:47.0) Gecko/20100101 
> Firefox/47.0"
>
> I'm probably missing one little step in the setup but I'm having a 
> heck of a time finding that one step.
>
> On 07/11/2016 11:46 AM, Paul Bongers wrote:
>> Hi Stephen,
>>
>>
>> If you want to have the PNP graphs working in a distributed setup, you
>> need to set up mod_proxy on your master site to connect to your remote
>> sites.
>>
>> This is also on the website:
>> http://mathias-kettner.com/checkmk_multisite_modproxy.html
>>
>>
>> HTH,
>>
>>
>> Paul
>>
>>
>> On 11/07/16 17:47, Stephen Berg (Contractor) wrote:
>>> I've had a Nagios then check_mk then omd setup for a few years now.
>>> Trying to further migrate to using WATO and the distributed monitoring
>>> on one master and seven slave setups. I've run into a glitch that I
>>> guess I just haven't wrapped my brain around the correct sequence of
>>> steps yet.
>>>
>>> Master is setup, two slave set up so far, everything seems to be
>>> working except the pnp4nagios hover popups for graphs when I view a
>>> host that is monitored on one of the slaves.  If I click on the graph
>>> icon I see the graphs for that service.
>>>
>>> Is this something to do with the auth.secret file?  I can't seem to
>>> find documentation on what I should be doing with that file on the
>>> master or slave servers.
>>>
>>>
>> _______________________________________________
>> checkmk-en mailing list
>> checkmk-en at lists.mathias-kettner.de
>> http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en
>>
>
>


-- 
Stephen Berg
Systems Administrator
NRL Code: 7320
Office: 228-688-5738
stephen.berg.ctr at nrlssc.navy.mil



More information about the checkmk-en mailing list