search

centreon / centreon-archived

Centreon is a network, system and application monitoring tool. Centreon is the only AIOps Platform Providing Holistic Visibility to Complex IT Workflows from Cloud to Edge.
https://www.centreon.com
GNU General Public License v2.0
575 stars 240 forks source link

Centreon 21.10.1 Export and Reload shortcut feature with Self-Signed Certificate #10457

Open Tpo76 opened 2 years ago

Tpo76 commented 2 years ago

BUG REPORT INFORMATION

Prerequisites

Set up HTTPS with a self-signed certificate

Versions Centreon Web 21.10.1

$ rpm -qa | grep centreon | egrep -v "(plugin|pack)" | sort
centreon-auto-discovery-server-21.10.1-1.el7.centos.noarch
centreon-bam-server-21.10.0-1636565929.8da17013.el7.centos.noarch
centreon-base-config-centreon-engine-21.10.1-1.el7.centos.noarch
centreon-broker-21.10.0-6.el7.x86_64
centreon-broker-cbd-21.10.0-6.el7.x86_64
centreon-broker-cbmod-21.10.0-6.el7.x86_64
centreon-broker-core-21.10.0-6.el7.x86_64
centreon-broker-selinux-0.0.6-1.x86_64
centreon-broker-storage-21.10.0-6.el7.x86_64
centreon-business-release-21.10-4.el7.centos.noarch
centreon-clib-21.10.0-6.el7.x86_64
centreon-common-21.10.1-1.el7.centos.noarch
centreon-common-selinux-0.0.11-1.x86_64
centreon-connector-21.10.0-6.el7.x86_64
centreon-connector-perl-21.10.0-6.el7.x86_64
centreon-connector-ssh-21.10.0-6.el7.x86_64
centreon-engine-21.10.0-6.el7.x86_64
centreon-engine-daemon-21.10.0-6.el7.x86_64
centreon-engine-extcommands-21.10.0-6.el7.x86_64
centreon-engine-selinux-0.0.10-1.x86_64
centreon-gorgone-21.10.0-3.el7.centos.noarch
centreon-gorgone-centreon-config-21.10.0-3.el7.centos.noarch
centreon-license-manager-21.10.0-1.el7.centos.noarch
centreon-license-manager-common-21.10.0-1.el7.centos.noarch
centreon-map-web-client-21.10.0-1.el7.centos.noarch
centreon-perl-libs-21.10.1-1.el7.centos.noarch
centreon-poller-centreon-engine-21.10.1-1.el7.centos.noarch
centreon-pp-manager-21.10.0-2.el7.centos.noarch
centreon-release-21.10-4.el7.centos.noarch
centreon-trap-21.10.1-1.el7.centos.noarch
centreon-web-21.10.1-1.el7.centos.noarch
centreon-widget-engine-status-21.10.0-2.el7.centos.noarch
centreon-widget-global-health-21.10.0-2.el7.centos.noarch
centreon-widget-graph-monitoring-21.10.0-2.el7.centos.noarch
centreon-widget-grid-map-21.10.0-2.el7.centos.noarch
centreon-widget-hostgroup-monitoring-21.10.0-2.el7.centos.noarch
centreon-widget-host-monitoring-21.10.0-2.el7.centos.noarch
centreon-widget-httploader-21.10.0-2.el7.centos.noarch
centreon-widget-live-top10-cpu-usage-21.10.0-2.el7.centos.noarch
centreon-widget-live-top10-memory-usage-21.10.0-2.el7.centos.noarch
centreon-widget-servicegroup-monitoring-21.10.0-2.el7.centos.noarch
centreon-widget-service-monitoring-21.10.0-2.el7.centos.noarch
centreon-widget-tactical-overview-21.10.0-2.el7.centos.noarch

Operating System CentOS, Debian ... CentOS 7

Browser used

Version: 96.0.4664.45

Description

When using the new feature to export and reload the configuration through the new shortcut. image

The export failed with that error message. There was a consistency error in the exported files - please use the legacy export menu to troubleshoot

The export works fine through the legacy menu.

Steps to Reproduce

  1. Enable HTTPS with a self-signed certificate
  2. Try to export the configuration through the shortcut "EXPORT CONFIGURATION".

Describe the received result

Error: There was a consistency error in the exported files - please use the legacy export menu to troubleshoot

Describe the expected result

image

Logs

PHP error logs

For PHP 8

tail -f /var/log/php-fpm/centreon-error.log
[01-Dec-2021 12:52:44 America/Toronto] CRITICAL: There was an consistency error in the exported files  - please use the legacy export menu to troubleshoot {"context":"[object] (Centreon\\Domain\\MonitoringServer\\Exception\\MonitoringServerException(code: 0): There was an consistency error in the exported files  - please use the legacy export menu to troubleshoot at /usr/share/centreon/src/Centreon/Application/Controller/Configuration/MonitoringServerController.php:22)"}

Additional relevant information (e.g. frequency, ...)

After adding some debug in the code I find out the following error message <pre>errorobject(Centreon\Domain\MonitoringServer\Exception\ConfigurationMonitoringServerException)#657 (7) { ["message":protected]=> string(217) "Generation error on monitoring server #7: Peer certificate cannot be authenticated with given CA certificates for "https://x.x.x.x/centreon/include/configuration/configGenerate/xml/generateFiles.php"."

After adding my root certificate as "trust" in my central server with "update-ca-trust", the feature works fine.

We should allow the usage of "untrusted" certificates.

uc33260 commented 2 years ago

I have the same issue.

I have Centreon 22.04 and a valid SSL certificate. I copied my root-ca and intermediate-ca on /etc/pki/ca-trust and used the command update-ca-trust.

But I have always the same issue: There was an consistency error in the exported files - please use the legacy export menu to troubleshoot

An idea ?

ponchoh commented 2 years ago

Hi @uc33260

copy your ca_selfsigned.crt (or the name you are using) file to 

/etc/pki/ca-trust/source/anchors/ca_selfsigned.crt

chmod it to 644

 update-ca-certificates

and done... thanks @Tpo76

image

uc33260 commented 2 years ago

Thank you for help :) that's work for me !