Could not validate token

Hi,
… guess this has been asked before but I could not find a solution…

I try to install the latest version of icinga according to “https://www.howtoforge.com/how-to-install-icinga-2-monitoring-on-ubuntu-20-04/”.

However, when I start the web routine in the browser on the page

mydomain/icingaweb2/setup

I get the error code:

Konnte Token nicht validieren: /etc/icingaweb2/setup.token (FileObject::__construct(/etc/icingaweb2/setup.token): failed to open stream: Permission denied)
Weiter

So obviuously there is a read prob. In the logs I could see:

Oct 11 17:37:36 collab icingaweb2[2766575]: Icinga\Exception\IcingaException in /usr/share/php/Icinga/Application/ApplicationBootstrap.php:449 with message: Cannot load enabled modules. An exception was thrown: ← Icinga\Exception\NotReadableError in /usr/share/php/Icinga/Application/Modules/Manager.php:122 with message: Cannot read enabled modules. Config directory “/etc/icingaweb2” is not readable

Then I added the www-data -User to the group icingaweb2 but without success. We use different php - versions for different virtual hosts (php-fpm). PHP 7.3 is set for the icinga site. The virtual host for the icinga site is run by different user “monitoring” That user is also in the group icingaweb2.

Can you get me started here ?

Best Thanks!

Thor

What is ls -d /etc/icingaweb2 ? What user is your web server or PHP-FPM running as? You may need to add them to the icingaweb2 group. Did you run icingacli setup token create yet?

Hi Lee,

thanks a lot for your immediate reply … was closing from work yesterday, so I did not saw your answer…

So here are some answers from my side:

1.) icingaweb2 directory

root# ls -d /etc/icingaweb2/
/etc/icingaweb2/
root# ls -la /etc/icingaweb2/
total 24
drwxrws— 3 root icingaweb2 4096 Oct 11 16:14 .
drwxr-xr-x 126 root root 12288 Oct 12 09:55 …
drwxrws— 3 root icingaweb2 4096 Oct 11 16:12 modules
-rw-rw---- 1 root icingaweb2 17 Oct 11 17:20 setup.token
root#

2.) Apache user

for my vrtual host the apache user is : “monitoring”

root# ps awux | grep php-fpm
root 2752571 0.0 0.3 227484 31732 ? Ss Oct11 0:03 php-fpm: master process (/etc/php/7.3/fpm/php-fpm.conf)
monitor+ 2752573 0.0 0.1 227624 9720 ? S Oct11 0:00 php-fpm: pool monitoring
monitor+ 2752574 0.0 0.2 227780 18844 ? S Oct11 0:00 php-fpm: pool monitoring

The user “monitoring” is assgined to group “icingaweb2”

root# less /etc/group

monitoring:x:1012:
nagios:x:124:
icingaweb2:x:125:www-data,monitoring

same goes for /etc/group-

The point is I start the install - routine in url similar to

https://monitoring.ourdomain.com/icingaweb2/setup

Whereas the docu has a url similar to

https://1.2.3.4/icingaweb2/setup

Is here a mistake ? Do i have to set special directory permissions in apache - conf ?

In the docu there is one step:

ALTER USER icinga2@localhost IDENTIFIED WITH mysql_native_password BY ‘aqwe123@#$’;

that command did not work. So made:

ALTER USER icinga2@localhost IDENTIFIED BY ‘aqwe123@#$’;

Can that be the reason or will my SQL-statement cause trouble elsewere ?

Would be grateful for you help!

Best,
Thor

The SQL permissions shouldn’t be causing the filesystem permissions error you posted initially. Maybe you haven’t restarted PHP-FPM/Apache after adding the user to the group? For SQL you’ll need to run flush privileges if you’re using MySQL.

I just got same problem, I think It problem because of your www-data have no right to read that setup.token, I solve it with add more access to token with

chmod +666 /etc/icingaweb2/setup.token