Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[dev.icinga.com #12092] Icinga incorrectly disconnects all endpoints if one has a wrong certificate #4341

Closed
icinga-migration opened this issue Jul 4, 2016 · 6 comments

Comments

Projects
None yet
1 participant
@icinga-migration
Copy link
Member

commented Jul 4, 2016

This issue has been migrated from Redmine: https://dev.icinga.com/issues/12092

Created by lbetz on 2016-07-04 08:03:05 +00:00

Assignee: mfriedrich
Status: Closed (closed on 2016-07-11 15:06:32 +00:00)
Target Version: 2.5.0
Last Update: 2016-08-22 11:45:10 +00:00 (in Redmine)

Icinga Version: 2.4.10
Backport?: Not yet backported
Include in Changelog: 1

I saw it first when a customer reinstalled the icinga server and forgot to backup the CA. After created a new CA, of course all agent had wrong certificates. Now after configured some agents with new and correct certificates the log on this agents show the disconnect to the endpoint on the master/satellite, i.e. log of agent antlia and its parent sculptor:

[2016-07-04 09:52:30 +0200] warning/JsonRpcConnection: API client disconnected for identity 'sculptor'
[2016-07-04 09:52:30 +0200] warning/ApiListener: Removing API client for endpoint 'sculptor'. 0 API clients left.
[2016-07-04 09:52:30 +0200] information/JsonRpcConnection: Reconnecting to API endpoint 'sculptor' via host '172.16.2.11' and port '5665'
[2016-07-04 09:52:30 +0200] information/ApiListener: New client connection for identity 'sculptor'
[2016-07-04 09:52:30 +0200] information/ApiListener: Sending config updates for endpoint 'sculptor'.
[2016-07-04 09:52:30 +0200] information/ApiListener: Syncing runtime objects to endpoint 'sculptor'.
[2016-07-04 09:52:30 +0200] information/ApiListener: Finished sending config updates for endpoint 'sculptor'.
[2016-07-04 09:52:30 +0200] information/ApiListener: Sending replay log for endpoint 'sculptor'.
[2016-07-04 09:52:30 +0200] information/ApiListener: Finished sending replay log for endpoint 'sculptor'.

Data seem to reply to sculptor but only if the heartbeat notices that the connection isn't established.

That means if you have only one wrong cert all other agents with a correct one will be disconnected their connection. From this it follows that you have timing problems in your environment, because all data between endpoints will replied every 30 secs only.


Relations:

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Jul 6, 2016

Updated by mfriedrich on 2016-07-06 11:52:18 +00:00

  • Status changed from New to Assigned
  • Assigned to set to mfriedrich
  • Priority changed from Normal to High
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Jul 8, 2016

Updated by mfriedrich on 2016-07-08 14:25:01 +00:00

  • Relates set to 12100
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Jul 11, 2016

Updated by mfriedrich on 2016-07-11 15:06:32 +00:00

  • Status changed from Assigned to Closed
  • Target Version set to 2.5.0
  • Done % changed from 0 to 100

Tested and resolved with #12100.

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 4, 2016

Updated by mfriedrich on 2016-08-04 08:20:41 +00:00

  • Relates set to 12309
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 22, 2016

Updated by gbeutner on 2016-08-22 11:45:02 +00:00

  • Subject changed from Disconnect all endpoints if one has a wrong cert to Icinga incorrectly disconnect all endpoints if one has a wrong certificate
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Aug 22, 2016

Updated by gbeutner on 2016-08-22 11:45:10 +00:00

  • Subject changed from Icinga incorrectly disconnect all endpoints if one has a wrong certificate to Icinga incorrectly disconnects all endpoints if one has a wrong certificate
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.