Redfish iLO check plugin fails: Tunnel connection failed: 403 forbidden

Hello,

i implemented the check_redfish plugin (GitHub - bb-Ricardo/check_redfish: A monitoring/inventory plugin to check components and health status of systems which support Redfish. It will also create a inventory of all components of a system.) into my Icinga2 system (latest version), due to issues with checking the newest HPE iLO 5 systems with the “check_ilo2_health” plugin (https://exchange.nagios.org/directory/Plugins/Hardware/Server-Hardware/HP-(Compaq)/check_ilo2_health/details).

On icingaweb2 the plugin output is the following:

2022-02-28 17:40:57,​027 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:57,​028 - DEBUG: HTTP REQUEST: GET
	PATH: /redfish/v1/
	BODY: None
2022-02-28 17:40:57,​028 - INFO: Attempt 1 of /redfish/v1/
2022-02-28 17:40:57,​063 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:40:58,​065 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:58,​065 - DEBUG: HTTP REQUEST: GET
	PATH: /redfish/v1/
	BODY: None
2022-02-28 17:40:58,​065 - INFO: Attempt 2 of /redfish/v1/
2022-02-28 17:40:58,​083 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:40:59,​089 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:59,​090 - DEBUG: HTTP REQUEST: GET
	PATH: /redfish/v1/
	BODY: None
2022-02-28 17:40:59,​090 - INFO: Attempt 3 of /redfish/v1/
2022-02-28 17:40:59,​245 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:41:00,​252 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:41:00,​252 - DEBUG: HTTP REQUEST: GET
	PATH: /redfish/v1/
	BODY: None
2022-02-28 17:41:00,​252 - INFO: Attempt 4 of /redfish/v1/
2022-02-28 17:41:00,​267 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:41:01,​272 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
[CRITICAL]: Unable to connect to Host '10.116.246.168', max retries exhausted.

Service check and check commands have been copied from here:

I tried to implement this code line in the python script, but it did not solve the issue:
os.environ['no_proxy'] = "*"

It is very interesting that the queries do work when they get executed on the CLI (but not on icingaweb2):

root@icinga2:/usr/lib64/nagios/plugins/check_mk>>/usr/lib64/nagios/plugins/check_redfish/check_redfish.py -H 10.116.246.168 -u USERNAME-p PW--power [OK]: Chassi 1 : All power supplies (2) are in good condition [OK]: Chassi enclosurechassis : All power supplies (2) are in good condition|'ps_1.1'=355 'ps_1.2'=355 'ps_enclosurechassis.1'=355 'ps_enclosurechassis.2'=355

The feedback from the developer of the plugin is the following:

Then your icinga environment must contain proxy settings.
Change to the icinga user and run env or your icinga config contains theses settings.

But even if on the http_proxy and https_proxy env variable gets unset, the result of the checks stay the same

-bash-4.2$ env | grep proxy
ftp_proxy=http://cloud-revproxy:8080
no_proxy=.localdomain,localhost,127.0.0.1

Do you have any assumptions what might cause this?

Is there anyone that could help?

Is there a way to store the no_proxy variable in the check?

If have found the solution.
Just set e.g.
NO_PROXY="10.116.246.168,localhost,127.0.0.1,localaddress,.localdomain.com"
in sysconfig/icinga2 on your icinga2 client.

1 Like