API (RestApiResponse.php:108) problem Icinga Director

Hey guys, I have a problem with my icinga director.

I set up a new database “director” to use it in icinga2. This is how i imported the resource:
image

I then configured the director module:

image

This is my api-users.conf:

image

Kickstart looks like this:

image

–> endpoint name is same as icinga host
–> the config seems to be valid

However, i get this ERROR:

image

I would be very thankful if anyone has more tips. No idea where to start atm

Thanks & cheers

Edit: If i try to validate my api in console with

curl -k -s -u root:icinga 'https://localhost:5665/v1'

i get the response:

<html><head><title>Icinga 2</title></head><h1>Hello from Icinga 2 (Version: r2.10.4-1)!</h1><p>You are authenticated as <b>root</b>. Your user has the following permissions:</p> <ul><li>status/query</li><li>actions/*</li><li>objects/modify/*</li><li>objects/query/*</li><li>console</li><li>config/query</li><li>config/modify</li></ul><p>More information about API requests is available in the <a href="https://docs.icinga.com/icinga2/latest" target="_blank">documentation</a>.</p>

Hi,

which version of Icinga 2 is used here, and how about its logs when the error is seen in the Director?

Cheers,
Michael

The errors mentioned is coming directly from Icinga 2…

Could not create package

Have you had a look into Icinga 2’s log file? Could be a permission problem in the filesystem, check /var/lib/icinga2/api/packages

https://github.com/Icinga/icinga2/blob/06fc6055d54ed4f849e19ab6397218e560892e6f/lib/remote/configpackageshandler.cpp#L113-L121

Hi Michael&Markus, thanks for the answers!

If I do the “deploy”-action my /var/log/icinga2/icinga2.log looks like this:

[2019-06-06 09:38:26 +0200] information/WorkQueue: #5 (InfluxdbWriter, influxdb) items: 1, rate: 0.0833333/s (5/min 29/5min 89/15min); empty in infinite time, your task handler isn't able to keep up
[2019-06-06 09:38:33 +0200] information/ApiListener: New client connection from [10.0.28.176]:38186 (no client certificate)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Unable to process available data, they're already being processed in another thread
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Request: GET /v1 (from [10.0.28.176]:38186), user: root)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Request: GET /v1/config/packages (from [10.0.28.176]:38186), user: root)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Request: GET /v1/config/packages (from [10.0.28.176]:38186), user: root)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Request: POST /v1/config/packages/director (from [10.0.28.176]:38186), user: root)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: HTTP client disconnected (from [10.0.28.176]:38186)

my /var/lib/icinga2/api/packages is empty…

Any idea?

Thank you guys!

Looks like the error is not logged :frowning_face: and only sent to the client.

Can you check permissions for the files?

ls -alR /var/lib/icinga2/api

To me, it looks like the Director is re-using the curl session (:38186) which already runs into a dead lock with the Icinga 2 API. That’s one of the problems resolved with the network stack rewrite.

I’m not sure, I remember talking with @tgelf about closing the connection after each request, but not which versions are covered and which are not.

@RsMonitor which Director version is used here?

Cheers,
Michael

Okay…this is the output i get when checking the permissions:

/var/lib/icinga2/api:
total 24
drwxr-xr-x. 6 root   root   4096 May 15 15:39 .
drwxr-x---. 6 icinga icinga 4096 Jun  6 09:52 ..
drwxr-xr-x. 2 root   root   4096 May 15 15:39 log
drwxrwxr-x. 2 root   root   4096 May 15 15:39 packages
drwxr-xr-x. 2 root   root   4096 May 15 15:39 repository
drwxr-xr-x. 2 root   root   4096 May 15 15:39 zones

/var/lib/icinga2/api/log:
total 8
drwxr-xr-x. 2 root root 4096 May 15 15:39 .
drwxr-xr-x. 6 root root 4096 May 15 15:39 ..

/var/lib/icinga2/api/packages:
total 8
drwxrwxr-x. 2 root root 4096 May 15 15:39 .
drwxr-xr-x. 6 root root 4096 May 15 15:39 ..

/var/lib/icinga2/api/repository:
total 8
drwxr-xr-x. 2 root root 4096 May 15 15:39 .
drwxr-xr-x. 6 root root 4096 May 15 15:39 ..

/var/lib/icinga2/api/zones:
total 8
drwxr-xr-x. 2 root root 4096 May 15 15:39 .
drwxr-xr-x. 6 root root 4096 May 15 15:39 ..

Yes permissions are wrong, those files should not be owned by root…

chown -R icinga.icinga /var/lib/icinga2/api
2 Likes

Wow! @mfrosch that actually did the trick! thank you so much!
Did I mess up the permissions / forgot to set them? I set up icinga 2 as root user - maybe this was the problem?

Anyways, its working. Thank you guys, very helpful!

All Icinga commands should create files with the proper permissions, so no idea what could have caused this. If you can reproduce it, please share.

Alright. I’ll try but dont think so as I tried & played around with it for several days…thanks again! Can be closed

You can mark the post that answered your question as “solved my problem”