[dev.icinga.com #12092] Icinga incorrectly disconnects all endpoints if one has a wrong certificate #4341
Labels
Milestone
Comments
Updated by mfriedrich on 2016-07-06 11:52:18 +00:00
|
Updated by mfriedrich on 2016-07-08 14:25:01 +00:00
|
Updated by mfriedrich on 2016-07-11 15:06:32 +00:00
Tested and resolved with #12100. |
Updated by mfriedrich on 2016-08-04 08:20:41 +00:00
|
Updated by gbeutner on 2016-08-22 11:45:02 +00:00
|
Updated by gbeutner on 2016-08-22 11:45:10 +00:00
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue has been migrated from Redmine: https://dev.icinga.com/issues/12092
Created by lbetz on 2016-07-04 08:03:05 +00:00
Assignee: mfriedrich
Status: Closed (closed on 2016-07-11 15:06:32 +00:00)
Target Version: 2.5.0
Last Update: 2016-08-22 11:45:10 +00:00 (in Redmine)
I saw it first when a customer reinstalled the icinga server and forgot to backup the CA. After created a new CA, of course all agent had wrong certificates. Now after configured some agents with new and correct certificates the log on this agents show the disconnect to the endpoint on the master/satellite, i.e. log of agent antlia and its parent sculptor:
[2016-07-04 09:52:30 +0200] warning/JsonRpcConnection: API client disconnected for identity 'sculptor'
[2016-07-04 09:52:30 +0200] warning/ApiListener: Removing API client for endpoint 'sculptor'. 0 API clients left.
[2016-07-04 09:52:30 +0200] information/JsonRpcConnection: Reconnecting to API endpoint 'sculptor' via host '172.16.2.11' and port '5665'
[2016-07-04 09:52:30 +0200] information/ApiListener: New client connection for identity 'sculptor'
[2016-07-04 09:52:30 +0200] information/ApiListener: Sending config updates for endpoint 'sculptor'.
[2016-07-04 09:52:30 +0200] information/ApiListener: Syncing runtime objects to endpoint 'sculptor'.
[2016-07-04 09:52:30 +0200] information/ApiListener: Finished sending config updates for endpoint 'sculptor'.
[2016-07-04 09:52:30 +0200] information/ApiListener: Sending replay log for endpoint 'sculptor'.
[2016-07-04 09:52:30 +0200] information/ApiListener: Finished sending replay log for endpoint 'sculptor'.
Data seem to reply to sculptor but only if the heartbeat notices that the connection isn't established.
That means if you have only one wrong cert all other agents with a correct one will be disconnected their connection. From this it follows that you have timing problems in your environment, because all data between endpoints will replied every 30 secs only.
Relations:
The text was updated successfully, but these errors were encountered: