when i perform the cur request curl -k -s -u root:test 'https://localhost:5665/v1" i get an error:
“Unauthorized. Please check your user credentials.”
I am sure the username and password is correct.
Do you have any idea?
The log says:
information/ApiListener: New client connection from [127.0.0.1]:41546 (no client certificate)
information/HttpServerConnection: Unable to process available data, they’re already being processed in another thread
information/HttpServerConnection: Request: GET /v1 (from [127.0.0.1]:41546), user: )
warning/HttpServerConnection: Unauthorized request: GET /v1
Context:
(0) Handling new API client connection
this looks like curl is not sending the basic auth credentials, you might want to add -vvv to the call to see what’s going on. Which icinga2 --version is involved here?
@silversurfer did you ever solve this? I’m having the exact same issue. @dnsmichi i added vvv to my curl params and it is sending basic auth as expected.
Some additional information:
I’m using rh-php71-php-fpm on CentOS 7 and verified that the necessary FilesMatch section and environment variable are in my apache config.
for the API there is no apache config and its not needed. Please create an api user with a other name then root (its a default user) and check with icinga2 object list --type apiuser if the user was created. I think you both put it in a file which is not getting loaded by icinga2.
icinga2 object list --type apiuser returns no results. The icinga2 log doesn’t seem to indicate why. In /etc/icinga2/conf.d/api-users.conf I have a test user:
My setup is distributed with two masters and four satellites, so I know that in general the API is working. But as you helped me realize, for some reason my ApiUser objects aren’t getting created.
I bet you have disabled the include of /etc/icinga2/conf.d/api-users.conf.
With cluster enabled you should put it under /etc/icinga2/zones.d/MASTERZONENAME/api-usaers.conf
Hmm…you were right that we weren’t including that path! I put the file in /etc/icinga2/zones.d/<master>/api-users.conf and restarted icinga2, but still no apiuer objects :[
I also tried putting it in /etc/icinga2/featuere-enabled/, which we are including, but got the same result.