API (RestApiResponse.php:108) problem Icinga Director

RsMonitor · June 4, 2019, 10:14am

Hey guys, I have a problem with my icinga director.

I set up a new database “director” to use it in icinga2. This is how i imported the resource:

I then configured the director module:

This is my api-users.conf:

Kickstart looks like this:

–> endpoint name is same as icinga host
–> the config seems to be valid

However, i get this ERROR:

I would be very thankful if anyone has more tips. No idea where to start atm

Thanks & cheers

RsMonitor · June 4, 2019, 10:17am

Edit: If i try to validate my api in console with

curl -k -s -u root:icinga 'https://localhost:5665/v1'

i get the response:

<html><head><title>Icinga 2</title></head><h1>Hello from Icinga 2 (Version: r2.10.4-1)!</h1><p>You are authenticated as <b>root</b>. Your user has the following permissions:</p> <ul><li>status/query</li><li>actions/*</li><li>objects/modify/*</li><li>objects/query/*</li><li>console</li><li>config/query</li><li>config/modify</li></ul><p>More information about API requests is available in the <a href="https://docs.icinga.com/icinga2/latest" target="_blank">documentation</a>.</p>

dnsmichi · June 4, 2019, 11:03am

Hi,

which version of Icinga 2 is used here, and how about its logs when the error is seen in the Director?

Cheers,
Michael

mfrosch · June 4, 2019, 12:43pm

The errors mentioned is coming directly from Icinga 2…

Could not create package

Have you had a look into Icinga 2’s log file? Could be a permission problem in the filesystem, check /var/lib/icinga2/api/packages

https://github.com/Icinga/icinga2/blob/06fc6055d54ed4f849e19ab6397218e560892e6f/lib/remote/configpackageshandler.cpp#L113-L121

RsMonitor · June 6, 2019, 7:45am

Hi Michael&Markus, thanks for the answers!

If I do the “deploy”-action my /var/log/icinga2/icinga2.log looks like this:

[2019-06-06 09:38:26 +0200] information/WorkQueue: #5 (InfluxdbWriter, influxdb) items: 1, rate: 0.0833333/s (5/min 29/5min 89/15min); empty in infinite time, your task handler isn't able to keep up
[2019-06-06 09:38:33 +0200] information/ApiListener: New client connection from [10.0.28.176]:38186 (no client certificate)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Unable to process available data, they're already being processed in another thread
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Request: GET /v1 (from [10.0.28.176]:38186), user: root)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Request: GET /v1/config/packages (from [10.0.28.176]:38186), user: root)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Request: GET /v1/config/packages (from [10.0.28.176]:38186), user: root)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: Request: POST /v1/config/packages/director (from [10.0.28.176]:38186), user: root)
[2019-06-06 09:38:33 +0200] information/HttpServerConnection: HTTP client disconnected (from [10.0.28.176]:38186)

my /var/lib/icinga2/api/packages is empty…

Any idea?

Thank you guys!

mfrosch · June 6, 2019, 7:50am

Looks like the error is not logged and only sent to the client.

Can you check permissions for the files?

ls -alR /var/lib/icinga2/api

dnsmichi · June 6, 2019, 7:54am

To me, it looks like the Director is re-using the curl session (:38186) which already runs into a dead lock with the Icinga 2 API. That’s one of the problems resolved with the network stack rewrite.

I’m not sure, I remember talking with @tgelf about closing the connection after each request, but not which versions are covered and which are not.

@RsMonitor which Director version is used here?

Cheers,
Michael

RsMonitor · June 6, 2019, 7:54am

Okay…this is the output i get when checking the permissions:

/var/lib/icinga2/api:
total 24
drwxr-xr-x. 6 root   root   4096 May 15 15:39 .
drwxr-x---. 6 icinga icinga 4096 Jun  6 09:52 ..
drwxr-xr-x. 2 root   root   4096 May 15 15:39 log
drwxrwxr-x. 2 root   root   4096 May 15 15:39 packages
drwxr-xr-x. 2 root   root   4096 May 15 15:39 repository
drwxr-xr-x. 2 root   root   4096 May 15 15:39 zones

/var/lib/icinga2/api/log:
total 8
drwxr-xr-x. 2 root root 4096 May 15 15:39 .
drwxr-xr-x. 6 root root 4096 May 15 15:39 ..

/var/lib/icinga2/api/packages:
total 8
drwxrwxr-x. 2 root root 4096 May 15 15:39 .
drwxr-xr-x. 6 root root 4096 May 15 15:39 ..

/var/lib/icinga2/api/repository:
total 8
drwxr-xr-x. 2 root root 4096 May 15 15:39 .
drwxr-xr-x. 6 root root 4096 May 15 15:39 ..

/var/lib/icinga2/api/zones:
total 8
drwxr-xr-x. 2 root root 4096 May 15 15:39 .
drwxr-xr-x. 6 root root 4096 May 15 15:39 ..

mfrosch · June 6, 2019, 7:56am

Yes permissions are wrong, those files should not be owned by root…

chown -R icinga.icinga /var/lib/icinga2/api

RsMonitor · June 6, 2019, 8:00am

Wow! @mfrosch that actually did the trick! thank you so much!
Did I mess up the permissions / forgot to set them? I set up icinga 2 as root user - maybe this was the problem?

Anyways, its working. Thank you guys, very helpful!

mfrosch · June 6, 2019, 8:09am

All Icinga commands should create files with the proper permissions, so no idea what could have caused this. If you can reproduce it, please share.

RsMonitor · June 6, 2019, 8:11am

Alright. I’ll try but dont think so as I tried & played around with it for several days…thanks again! Can be closed

mfrosch · June 6, 2019, 8:34am

You can mark the post that answered your question as “solved my problem”