Open nagyt234 opened 2 years ago
Is sensu:: agent_entity_config_password
identical on both nodes?
Another thing to check is on the backend server run sensuctl entity list
and see if the entity is there for the drawmgt.zg-3.mydomain.org
host. It might be the Sensu Agent registered using a different name if maybe the host's FQDN doesn't actually show as drawmgt.zg-3.mydomain.org
. If entity names don't match can force it with sensu::agent::entity_name
.
Yes, the passwords are identical. I guess, otherwise I could not get the access token at the beginning of the log above with HTTP response 200.
sensuctl entity list
doesn't list the entity at all (I've known that), and that is the problem. Who and how should register the entity with this puppet module?
The sensu-agent daemon, when it starts, will register the entity with the sensu-backend and then after that Puppet is able to check the entity exists and perform other operations after the agent has registered the entity. I would check the logs for sensu-agent to see if anything indicates errors with registering the agent. If the entity list is empty then it also sounds like there was an issue with the backend's sensu-agent registering its entity too.
What I see, that the sensu agent is running:
# ps -ef | grep sensu
sensu 3788 1 0 15:47 ? 00:00:00 /usr/sbin/sensu-agent start -c /etc/sensu/agent.yml
The sensu agent log /var/log/sensu/sensu-client.log
is empty.
I've started the agent in a terminal and I see the following messages more time:
{"component":"agent","error":"x509: certificate signed by unknown authority","level":"error","msg":"reconnection attempt failed","time":"2022-01-27T16:17:59Z"}
{"component":"agent","level":"info","msg":"connecting to backend URL \"wss://moni2.mydomain.org:8081\"","time":"2022-01-27T16:18:00Z"}
The SSL certificate of moni2.mydomain.org
is Let's Encrypt certificate, so I do n ot understand this problem. I can connect to https://moni2.mydomain.org:8081/
with wget, I get obviously 401 Unauthorized
. OK, I've started now the agent with the option --insecure-skip-tls-verify
, then I got the following messages:
{"component":"agent","header":"Accept: application/octet-stream","level":"debug","msg":"setting header","time":"2022-01-27T16:39:18Z"}
{"component":"agent","error":"handshake failed with status 400: Bad Request\nwebsocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header\n","level":"error","msg":"reconnection attempt failed","time":"2022-01-27T16:39:18Z"}
So I think, the problem is, that the API ports are forwarded with apache rproxy to the VM and apache gives the SSL connection. I'm going to holiday now, so I'll investigate the problem further from the 8th of February.
Description of problem
I've installed basic sensu-backend with sensu-puppet with an agent on the same machine (moni2....) and with an agent on another machine (drawmgt....). Both machines are VMs.
I see in the dashboard, that the events of the entity, where the backend and the agent are on the same VM, are working correctlly. However the agent on the separate machine fails already at running puppet with the error message "Failed to connect to validate entity". From the debug log I can see, that the connection to the backend is working correctly, but querying the entity fails with RESPONSE: 404 {"message":"not found","code":2}.
The backend should register new agents automatically.
Use the following manifest files, where moni2... is the backend and drawmgt... is the agent::
Command used and debugging output
See the manifests files above
masterless
Platform and version information
Anything else to add that you think will be helpful?
The debug output of the puppet agent: