CheckMk Rest API Activation Error

Troubleshooting
1

CMK version: Checkmk Cloud Edition 2.2.0p12
OS version: Rocky Linux release 8.8 (Green Obsidian)

Error message: http: error: unrecognized arguments: Authorization: Basic user password Accept: application/json If-Match:“a20ceacf346041dc” Content-Type:application/json redirect:=false sites:=[“production”] force_foreign_changes:=false

I am using the API to try and automate the process of adding a host, activating the changes and after scan the host for services and activate those as well. I was able to add the host to checkmk via api but when I try to activate the changes I get the error posted above. This is the code I’m trying to use:

#!/bin/bash
HOST_NAME="hostname"
SITE_NAME="monitoring"
API_URL="http://$HOST_NAME/$SITE_NAME/check_mk/api/1.0"

USERNAME="username"
PASSWORD="password"

# Requires httpie version >= 3

http POST "$API_URL/domain-types/activation_run/actions/activate-changes/invoke" \
    --follow \
    --all \
    "Authorization: Bearer $USERNAME $PASSWORD" \
    "Accept: application/json" \
    'If-Match:"a20ceacf346041dc"' \
    'Content-Type:application/json' \
    redirect:=false\
    sites:='["production"]'\
    force_foreign_changes:=false

I obtained the code from the example given when you visit the checkmk ReDoc section of the checkmk instance. My apologies if there is an obvious fix to this but I am new to checkmk and their api or api in general and not sure what would be off here. To add the host, I got the example from the same place and it worked perfectly. Also, let me know if there is any additional information I can provide so I can do so as soon as possible!

Thank you in advanced for any and all help!

2

Hi,
Just a question when i am comparing your ‘If-Match’ , which should point to the E-Tag to what i use in an API-call

It seems a bit ‘short’ ?

Could it be that it is somehow truncated ?
As my E-Tags are quite a bit longer => ‘8f7792ee826e463aa63b12d50dccfbd9b02034664ef0405d0775e4d8a8d2ffd3’

  • Glowsome
3

Hello,

Thank you for your update! Here comes the rookie question of the day so my apologies but where would I be able to find the etag that I can properly use and copy for the command listed above?

Thank you!

4

Hi @hovnetworks

I have investigated this further, and according to the ReDoc documentation , and testing it myself ( i test/ use the API with Postman).

there is no need for a header ‘If-Match’ , so no need for an ETag at all in a/the request.

Looking at the example in ReDoc ( i use CMK CRE v2.1.0p37 ) the correct call would be:

#!/bin/bash
HOST_NAME="Your_Hostname"
SITE_NAME="Your_SiteName"
API_URL="http://$HOST_NAME/$SITE_NAME/check_mk/api/1.0"

USERNAME="automation"
PASSWORD="test123"

http POST "$API_URL/domain-types/activation_run/actions/activate-changes/invoke" \
    --follow \
    --all \
    "Authorization: Bearer $USERNAME $PASSWORD" \
    "Accept: application/json" \
    'Content-Type:application/json' \
    redirect='False' \
    sites='['Your_sitename']' \
    force_foreign_changes='False' \

To create a change i moved a service from monitored to undecided via my browser.

When i tested activating the changes via the API the reply was:

{
    "title": "The operation has failed.",
    "status": 401,
    "detail": "There are changes from other users and foreign changes are not allowed in this API call."
}

So to get past this i changed the request’s parameter force_foreign_changes to true

Then re-ran the request, and it activated successfully with this returned:

{
    "links": [
        {
            "domainType": "link",
            "rel": "self",
            "href": "http://monitor.mydomain.tld/mysitename/check_mk/api/1.0/objects/activation_run/0638d5e9-8c7c-40eb-8f50-83af908c40bd",
            "method": "GET",
            "type": "application/json"
        },
        {
            "domainType": "link",
            "rel": "urn:com.checkmk:rels/wait-for-completion",
            "href": "http://monitor.mydomain.tld/mysitename/check_mk/api/1.0/objects/activation_run/0638d5e9-8c7c-40eb-8f50-83af908c40bd/actions/wait-for-completion/invoke",
            "method": "GET",
            "type": "application/json"
        }
    ],
    "domainType": "activation_run",
    "id": "0638d5e9-8c7c-40eb-8f50-83af908c40bd",
    "title": "Activation 0638d5e9-8c7c-40eb-8f50-83af908c40bd was started.",
    "members": {},
    "extensions": {}
}

Hope this helps,

  • Glowsome
5

Hello,

Thank you for the update I really appreciate it! This also helped me figure out how to test this out a bit more. Now, I have updated the test script as suggested but when I run it I keep getting this error:

[root@media ~]# ./activate_changes.sh
usage: http [--json] [--form] [--multipart] [--boundary BOUNDARY] [--raw RAW]
            [--compress] [--pretty {all,colors,format,none}] [--style STYLE]
            [--unsorted] [--sorted] [--response-charset ENCODING]
            [--response-mime MIME_TYPE] [--format-options FORMAT_OPTIONS]
            [--print WHAT] [--headers] [--body] [--verbose] [--all]
            [--history-print WHAT] [--stream] [--output FILE] [--download]
            [--continue] [--quiet]
            [--session SESSION_NAME_OR_PATH | --session-read-only SESSION_NAME_OR_PATH]
            [--auth USER[:PASS]] [--auth-type {basic,digest}] [--ignore-netrc]
            [--offline] [--proxy PROTOCOL:PROXY_URL] [--follow]
            [--max-redirects MAX_REDIRECTS] [--max-headers MAX_HEADERS]
            [--timeout SECONDS] [--check-status] [--path-as-is] [--chunked]
            [--verify VERIFY] [--ssl {ssl2.3,tls1,tls1.1,tls1.2}]
            [--ciphers CIPHERS] [--cert CERT] [--cert-key CERT_KEY]
            [--ignore-stdin] [--help] [--version] [--traceback]
            [--default-scheme DEFAULT_SCHEME] [--debug]
            [METHOD] URL [REQUEST_ITEM [REQUEST_ITEM ...]]
http: error: unrecognized arguments: Authorization: Bearer adminuser password Accept: application/json Content-Type:application/json redirect=False sites=[monitoring] force_foreign_changes=True

Not sure if the versions are different since I’m on Checkmk Cloud Edition 2.2.0p12 but I’ll keep trying and see if I can figure it out and post it here. Thank you again so much!