1.6p17 CEE: Possible bug or design flaw in API call for downtime creates multiple downtimes if hostname is missing in call

wittmannthom · October 5, 2020, 11:26am

Hello together
we just discovered by accident that when a downtime for a host is created via API and the hostname is left out (accidentally), then Checkmk creates a downtime for multiple hosts.
We could verify this with 1.6p17 CEE
The (incorrect) API call for a 15minute downtime then would be:
https://server//check_mk/view.py?_do_confirm=Yes&_do_actions=yes&_transid=-1&view_name=hoststatus&site=&_ack_sticky=on&_ack_otify=off&output_format=JSON&_username=automation&_secret=504804f8-7ef3-47bc-90dc-553bee370d86&_down_comment=&_down_from_now=From+now+for&_down_minutes=15&host=
In our productive environment Checkmk sets downtimes for about 9000 of 20500 hosts, in our test env about 1000 of 1300 hosts are affected. The hosts Checkmk picks seem to have nothing in common.
We noticed it when we saw thousands of deferred “Downtime start” and “Donwtime end” in spooler directory.
Btw: Kudos to the developers: although there were so many deferred notifications, this had no impact on the Notifications per se and Checkmk tried to process them all.

BR Thomas

ChristianM · October 5, 2020, 12:52pm

Hi,

the view use filter criteria like host= . The filter “host” expect a list of hosts. If empty, all host selected, this is the way not only API works also the normal views.
The best way is to check if filter is empty on your own application.

Cheers,
Christian

wittmannthom · October 5, 2020, 2:08pm

Hi Christian
understood. But then the question remains: why not all hosts but only a part of them?

BR
Thomas

andreas-doehler · October 5, 2020, 3:21pm

Your test environment has the normal limit of 1k hosts active and your production environment has a changed limit for views. This would be the easiest solution why it is different between these two systems.

wittmannthom · October 5, 2020, 4:08pm

Hi Andreas
i thought that too but the numbers are odd, sorry i forgot the ~.
Here is the screenshot of test env right after the API call:
grafik
as you can see it is 1023. 271 are left out, for whatever reason.
In the prod env it was ~ 8690, counted on the deferred messages graph for the notification spooler.

BR
Thomas

andreas-doehler · October 5, 2020, 8:03pm

Easy test is to call the view with these parameters and take a look what you see.
I would not invest to much time in this problem as the 1.7 aka 2.0 brings also changes to the complete API / Web automation things.

ChristianM · October 6, 2020, 8:47am

Hi,

if you want all in your list, you can use “&limit=none” in the URL. Then you are able to get all.

Cheers,
Christian

wittmannthom · October 7, 2020, 11:39am

Hi Christian
no thats no what we want
The goal is to set an automated downtime on previously defined hosts. Only because one colleague missed the argument we just discovered that behaviour by accident.

BR Thomas

ChristianM · October 7, 2020, 12:17pm

Then you need the host explicit as list of hosts or use the host regex in the Views.

system · October 7, 2021, 12:17pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.