Error when adding an IBM i Host

[brynpg]

Hi

I'm trying to add an IBM i host which can only be connected to via secure ports (947* range).

SSL/TLS has been configured successfully - required certificates added to the Nagios keystore.
This has been proven by completing the same process on an IBM i host that can be connected on unsecure ports (847* range).

When I complete the wizard (screen shot attached) it fails with the error:
Register profile error:
java.net.SocketTimeoutException: connect timed out
Insert host failed

Does anyone have any suggestions on how I can overcome this issue?

Thanks

[williamlea1]

Hi,

Firstly, as its the wizard then IBM will be the place to go to get assistance with it.

Secondly have you tried to putty from Nagios server to the IBM i securely. Just to ensure certs are in place?

[SebeekS]

I think you have to temporarily open unsecure ports, add services and then close those non-ssl ports

[brynpg]

@SebeekS @williamlea1 Thanks for your replies.

Some good news ... I've found a way around this - well, it worked for me anyway.

1. Create a local host table entry on the Nagios server for the LPAR in question but give it the IP address of an LPAR that you can communicate with over unsecure ports
2. Run the Nagios for IBM i add host config script
   /bin/bash /usr/local/nagios/libexec/host_config.sh -i
3. Change the local host table back to its original value

You can then configure your services to communicate over TLS/SSL for the host in question.

[SebeekS]

@brynpg good idea. But if you have different credentials on both, you will have to change it on the secondary server so it matches later