API request failed: Unhandled exception (RestApiResponse.php:113)

I have installed the director but some changes have not deployed. The director is raising the error " * * API request failed: Unhandled exception (RestApiResponse.php:113)". Error occurs when you go to Icinga > Deployments > Infrastructure > Endpoints or Icinga API user.

Below is part of /etc/icinga2/zones.conf

/*
 * Endpoint and Zone configuration for a cluster setup
 * This local example requires `NodeName` defined in
 * constants.conf.
 */

object Endpoint NodeName {
  host = NodeName
}

object Zone ZoneName {
  endpoints = [ NodeName ]
}

/*
 * Defines a global zone for distributed setups with masters,
 * satellites and clients.
 * This is required to sync configuration commands,
 * templates, apply rules, etc. to satellite and clients.
 * All nodes require the same configuration and must
 * have `accept_config` enabled in the `api` feature.
 */

object Zone "global-templates" {
  global = true
}

/*
 * Defines a global zone for the Icinga Director.
 * This is required to sync configuration commands,
 * templates, apply rules, etc. to satellite and clients.
 * All nodes require the same configuration and must
 * have `accept_config` enabled in the `api` feature.
 */

object Zone "director-global" {
  global = true
}

Below are install packages for director:

root@reports:~# dpkg -l php php-curl  php-posix php-sockets mariadb
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                               Version                Architecture           Description
+++-==================================-======================-======================-=========================================================================
ii  php                                1:7.0+49               all                    server-side, HTML-embedded scripting language (default)
ii  php-curl                           1:7.0+49               all                    CURL module for PHP [default]
un  php-posix                          <none>                 <none>                 (no description available)
un  php-sockets                        <none>                 <none>                 (no description available)

Below are installed modules for php:

root@reports:~# php -m
[PHP Modules]
calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gettext
hash
iconv
imagick
intl
json
ldap
libxml
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
SimpleXML
sockets
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zlib

Hi,

Which versions of Icinga 2, Web and Director are you using? Could you please have a look at the Icinga 2 logs. There should be something about the failing request.

All the best,
Eric

Found this in the log /var/log/icinga2/icinga2.log

[2020-06-08 08:32:52 +0300] information/ApiListener: New client connection from [127.0.0.1]:42358 (no client certificate)
[2020-06-08 08:32:52 +0300] information/HttpServerConnection: Request: GET /v1/ (from [127.0.0.1]:42358), user: icingaweb2, agent: ).
[2020-06-08 08:32:52 +0300] information/HttpServerConnection: Request: GET /v1/ (from [127.0.0.1]:42358), user: icingaweb2, agent: ).
[2020-06-08 08:32:52 +0300] information/HttpServerConnection: Request: GET /v1/config/packages (from [127.0.0.1]:42358), user: icingaweb2, agent: ).
[2020-06-08 08:32:52 +0300] warning/FilterUtility: Missing permission: config/query
[2020-06-08 08:32:52 +0300] information/HttpServerConnection: HTTP client disconnected (from [127.0.0.1]:42358)

About the software versions:
Icinga 2 version: r2.11.3-1
Icinga Web 2 Version 2.7.3
director 1.7.2

Think the permission issue is related to the file “/etc/icinga2/conf.d/api-users.conf” shown below. The user icingaweb2 in particular may not have enough rights.

/**
 * The ApiUser objects are used for authentication against the API.
 */
object ApiUser "root" {
  password = "somepassword"
  // client_cn = ""

  permissions = [ "*" ]
}

object ApiUser "icingaweb2" {
  password = "somepassword"
  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
}

Issue resolved. I set the permissions for ApiUser to
[*]

object ApiUser "icingaweb2" {
  password = "somepassword"
  permissions = [ "*" ]
}

Then run
systemctl restart icinga2

Jamal,

Thanks for coming back with the solution here. I had this issue too. Following the documentation, everything on the Icinga doc pages suggests that the API-User should have the following restrictions:
permissions = [ “status/query”, “actions/", "objects/modify/”, “objects/query/*” ]

But obviously that’s not correct, as your solution where pemissions updated to [*] fixes it. Documentation is lacking in accurate information for people without an in-depth understanding of what Director does and how it communicates with the Icinga2 side of things.

You’re welcome. Think it’s better I try contact the developers about the issue to either get clarification from them or have the documentation improved. Will update here on progress