401 using automation secret after upgrade to 2.2

Troubleshooting
, , , ,
1

We have a few scripts that run using the RestAPI

An example curl call is

###########################################################################
get_agent_host(){
  out=$(
    curl -i -s -k \
      -G \
      --request GET \
      --write-out "\nxxx-status_code=%{http_code}\n" \
      --header "Authorization: Bearer $USERNAME $PASSWORD" \
      --header "Accept: application/json" \
      "$API_URL/objects/host_config/${AGENT_HOST_NAME}")


#  echo "${out}" > /tmp/omd-host-register.out.$$

  resp=$( echo "${out}" | grep -v "xxx-status_code" )
  code=$( echo "${out}" | awk -F"=" '/^xxx-status_code/ {print $2}')
  etag=$( echo "${out}" | grep -i "^etag:" | awk -F'"'  '{print $2}')
}

CMK version:
2.2.0p21.cre (upgraded from 2.1.0p36.cre)

OS version:
RHEL 7

Error message:
{
“title”: “Unauthorized”,
“status”: 401,
“detail”: “Wrong credentials (Bearer header)”
}

The example scripts in this script call api at the following URLs -
"“https://$SERVER_NAME/$SITE_NAME/check_mk/api/1.0/objects/host_config/${AGENT_HOST_NAME}”
""https://$SERVER_NAME/$SITE_NAME/check_mk/api/1.0/domain-types/host_config/collections/all
""https://$SERVER_NAME/$SITE_NAME/check_mk/api/1.0/domain-types/activation_run/actions/activate-changes/invoke

Any ideas as to why the script would work with 2.1 but not 2.2?

Thank you.

2

Hello. Verify your used $USERNAME $PASSWORD within siteusers “~/etc/htpasswd” for the automation user. Maybe this can help to fix authentication issues with RestAPI, too: Windows Agent TLS Register Error "...Wrong credentials (Bearer header)"

3

Thank you!

We found that our
~/var/check_mk/web/automation/automation.secret

and
~/etc/htpasswd

Had different values - making these the same seemed to fix the issue.