Icinga2 api setup - failed with error code 13 - 'mkstemp' for file 'api-users.conf

Icinga 2
,
1

I am not sure if this is a bug or something i have missed while setting up Icinga.

I am trying to enable API on my Icinga Master server, which is throwing this message below:

Guide i am following to set up my master server :

#############
root@MEL04MON07-1:/# icinga2 api setup
information/cli: Generating new CA.
warning/cli: CA files ‘/var/lib/icinga2/ca//ca.crt’ and ‘/var/lib/icinga2/ca//ca.key’ already exist.
warning/cli: Found CA, skipping and using the existing one.
information/cli: Private key file ‘/var/lib/icinga2/certs//MEL04MON07-1.key’ already exists, not generating new certificate.
information/cli: Adding new ApiUser ‘root’ in ‘/etc/icinga2/conf.d/api-users.conf’.
critical/Application: Error: Function call ‘mkstemp’ for file ‘/etc/icinga2/conf.d/api-users.conf.XXXXXX’ failed with error code 13, ‘Permission denied’

Additional information is available in ‘/var/log/icinga2/crash/report.1600062349.563251’

Aborted

#############

@@below is my output from the crash report file.

Caught unhandled exception.
Current time: 2020-09-14 15:45:49 +1000

Application version: r2.11.2-1

System information:
Platform: Ubuntu
Platform version: 20.04.1 LTS (Focal Fossa)
Kernel: Linux
Kernel version: 5.4.0-45-generic
Architecture: x86_64

Build information:
Compiler: GNU 9.2.1
Build host: lcy01-amd64-022

Application information:

General paths:
Config directory: /etc/icinga2
Data directory: /var/lib/icinga2
Log directory: /var/log/icinga2
Cache directory: /var/cache/icinga2
Spool directory: /var/spool/icinga2
Run directory: /run/icinga2

Old paths (deprecated):
Installation root: /usr
Sysconf directory: /etc
Run directory (base): /run
Local state directory: /var

Internal paths:
Package data directory: /usr/share/icinga2
State path: /var/lib/icinga2/icinga2.state
Modified attributes path: /var/lib/icinga2/modified-attributes.conf
Objects path: /var/cache/icinga2/icinga2.debug
Vars path: /var/cache/icinga2/icinga2.vars
PID path: /run/icinga2/icinga2.pid

Error: Function call ‘mkstemp’ for file ‘/etc/icinga2/conf.d/api-users.conf.XXXXXX’ failed with error code 13, ‘Permission denied’

  • This would indicate a runtime problem or configuration error. If you believe this is a bug in Icinga 2
  • please submit a bug report at https://github.com/Icinga/icinga2 and include this stack trace as well as any other
  • information that might be useful in order to reproduce this problem.

Failed to launch GDB: No such file or directory

Now, i am stuck and unable to complete my initial icinga2web setup.
Did anyone had this issue on Icinga API setup? Any input much appreciated.

2

Below listed my dir permission

ll /etc/icinga2/conf.d/

total 56
drwxr-xr-x 2 root root 4096 Sep 11 15:12 ./
drwxr-x— 8 nagios nagios 4096 Sep 12 19:12 …/
-rw-r–r-- 1 root root 35 Mar 5 2020 app.conf
-rw-r–r-- 1 root root 114 Feb 18 2020 apt.conf
-rw-r–r-- 1 root root 5297 Mar 5 2020 commands.conf
-rw-r–r-- 1 root root 542 Mar 5 2020 downtimes.conf
-rw-r–r-- 1 root root 638 Mar 5 2020 groups.conf
-rw-r–r-- 1 root root 1500 Mar 5 2020 hosts.conf
-rw-r–r-- 1 root root 793 Mar 5 2020 notifications.conf
-rw-r–r-- 1 root root 2131 Mar 5 2020 services.conf
-rw-r–r-- 1 root root 2060 Mar 5 2020 templates.conf
-rw-r–r-- 1 root root 732 Mar 5 2020 timeperiods.conf
-rw-r–r-- 1 root root 308 Mar 5 2020 users.conf

ll /etc/icinga2/

total 52
drwxr-x— 8 nagios nagios 4096 Sep 12 19:12 ./
drwxr-xr-x 123 root root 12288 Sep 12 19:03 …/
drwxr-xr-x 2 root root 4096 Sep 11 15:12 conf.d/
-rw-r–r-- 1 root root 998 Mar 5 2020 constants.conf
drwxr-xr-x 2 root root 4096 Sep 14 10:11 features-available/
drwxr-x— 2 nagios nagios 4096 Sep 13 21:49 features-enabled/
-rw-r–r-- 1 root root 1721 Mar 5 2020 icinga2.conf
drwx------ 2 nagios nagios 4096 Mar 5 2020 pki/
drwxr-xr-x 2 root root 4096 Sep 11 15:04 scripts/
-rw-r–r-- 1 root root 1334 Mar 5 2020 zones.conf
drwxr-xr-x 2 root root 4096 Sep 11 15:04 zones.d/

3

I just ran into this issue also. I am running 20.04 also.

The crash report shows: Failed to launch GDB: No such file or directory

The following is the CLI output

No ticket was specified. Please approve the certificate signing request manually
on the master (see 'icinga2 ca list' and 'icinga2 ca sign --help' for details).
Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []:

Accept config from parent node? [y/N]: y
Accept commands from parent node? [y/N]: y

Reconfiguring Icinga...
critical/Application: Error: boost::filesystem::copy_file: Permission denied: "/etc/icinga2/features-available/api.conf", "/etc/icinga2/features-available/api.conf.orig"



Additional information is available in '/var/log/icinga2/crash/report.1600443860.895141'

Aborted
4

Hi.

I spinned up a new Ubuntu 20.04 LTS VM and did a fresh install. I didn’t get this error.

There are two thing which are surprising:

  1. The directory /etc/icinga2/conf.d is typically owned by nagios:nagios, also the files in the directory. The output of your files shows, that they were whether created or modified in March 2020. Did you probably manually change the permissions?
Files and permissions within /etc/icinga2 
# After base install of icinga2, running "icinga2 api setup" and "icinga node wizard" as master-setup

# Contents and permissions of /etc/icinga2/
drwxr-x---  2 nagios nagios 4096 Sep 21 14:09 conf.d/
-rw-r--r--  1 nagios nagios 1032 Sep 21 14:09 constants.conf
-rw-r-----  1 nagios nagios  998 Sep 21 14:09 constants.conf.orig
drwxr-x---  2 nagios nagios 4096 Sep 21 14:09 features-available/
drwxr-x---  2 nagios nagios 4096 Sep 21 14:09 features-enabled/
-rw-r--r--  1 nagios nagios 1895 Sep 21 14:09 icinga2.conf
-rw-r-----  1 nagios nagios 1721 Sep 21 14:09 icinga2.conf.orig
drwx------  2 nagios nagios 4096 Aug  5 12:32 pki/
drwxr-xr-x  2 root   root   4096 Sep 21 13:32 scripts/
-rw-r--r--  1 nagios nagios  283 Sep 21 14:09 zones.conf
-rw-r-----  1 nagios nagios 1334 Sep 21 14:09 zones.conf.orig
drwxr-x---  2 nagios nagios 4096 Sep 21 13:32 zones.d/


# Contents and permissions of /etc/icinga2/conf.d/
-rw-r--r-- 1 nagios nagios  179 Sep 21 14:09 api-users.conf
-rw-r--r-- 1 nagios nagios   35 Aug  5 12:32 app.conf
-rw-r--r-- 1 nagios nagios  114 Aug  5 12:32 apt.conf
-rw-r--r-- 1 nagios nagios 5297 Aug  5 12:32 commands.conf
-rw-r--r-- 1 nagios nagios  542 Aug  5 12:32 downtimes.conf
-rw-r--r-- 1 nagios nagios  638 Aug  5 12:32 groups.conf
-rw-r--r-- 1 nagios nagios 1500 Aug  5 12:32 hosts.conf
-rw-r--r-- 1 nagios nagios  793 Aug  5 12:32 notifications.conf
-rw-r--r-- 1 nagios nagios 2131 Aug  5 12:32 services.conf
-rw-r--r-- 1 nagios nagios 2060 Aug  5 12:32 templates.conf
-rw-r--r-- 1 nagios nagios  732 Aug  5 12:32 timeperiods.conf
-rw-r--r-- 1 nagios nagios  308 Aug  5 12:32 users.conf
  1. Your Icinga2-Version should be r2.12.0-1 with the latest install.
    You should maybe update it, if possible.

Hope this helps.

Greetings.

5

Thank for your reply @homerjay.

I have this fix with giving below file permissions. All the best @lightiv.

chown -R :nagios /etc/icinga2/conf.d/
chmod 775 /etc/icinga2/conf.d/
chmod 664 /etc/icinga2/conf.d/*

chown -R :nagios /etc/icinga2/features-available
chmod 775 /etc/icinga2/features-available
chmod 664 /etc/icinga2/features-available/*