DCD gets "401 Unauthorized" for url http://localhost:5001/mysite/check_mk/api/1.0/domain-types/host_config/collections/all

AlexK · February 21, 2023, 8:36am

CMK version: 2.1.0p21.cee
OS version: Ubuntu 22.04.1 LTS

Error message:

09:10:32 ERROR An exception occured
Traceback (most recent call last):
  File "/omd/sites/com11/lib/python3/cmk/cee/dcd/connectors/piggyback.py", line 229, in _execute_phase2
    cmk_hosts = self._web_api.get_all_hosts()
  File "/omd/sites/com11/lib/python3/cmk/cee/dcd/web_api.py", line 224, in get_all_hosts
    resp = self._session.get("/domain-types/host_config/collections/all")
  File "/omd/sites/com11/lib/python3.9/site-packages/requests/sessions.py", line 600, in get
    return self.request("GET", url, **kwargs)
  File "/omd/sites/com11/lib/python3/cmk/cee/dcd/web_api.py", line 142, in request
    raise MKAPIError(f"{response.text} (URL: {url})")
cmk.cee.dcd.web_api.MKAPIError: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
Unauthorized

This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.

</body></html>
 (URL: http://localhost:5001/com11/check_mk/api/1.0/domain-types/host_config/collections/all)

I have created a new connection under “Dynamic host management”. At the beginning the connection complained that the automation user ‘automation’ was missing in my site. I created this user manually although it should be created by checkmk in new sites. After that I get this error message through the connection.

gstolz · February 21, 2023, 9:59am

What role does your automation user have? Usually the user has the role “administrator”

AlexK · February 21, 2023, 10:16am

Yes, the automation user has role “Administrator”.

AlexK · February 22, 2023, 7:58am

Also a manual query with the automation user leads to the same error message:

OMD[com11]:~/lib/python3/cmk/cee/dcd$ cat ~/var/check_mk/web/automation/automation.secret
VERYSECRETSECRET
OMD[com11]:~/lib/python3/cmk/cee/dcd$ curl -v --header "Authorization: Bearer automation VERYSECRETSECRET" http://localhost:5001/com11/check_mk/api/1.0/domain-types/host_config/collections/all
*   Trying 127.0.0.1:5001...
* Connected to localhost (127.0.0.1) port 5001 (#0)
> GET /com11/check_mk/api/1.0/domain-types/host_config/collections/all HTTP/1.1
> Host: localhost:5001
> User-Agent: curl/7.81.0
> Accept: */*
> Authorization: Bearer automation VERYSECRETSECRET
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Date: Wed, 22 Feb 2023 07:54:17 GMT
< Server: Apache
< Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' ssh: rdp:; img-src 'self' data: https://*.tile.openstreetmap.org/ ; connect-src 'self' https://crash.checkmk.com/ https://license.checkmk.com/api/upload ; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' javascript: 'unsafe-inline'; object-src 'self'; worker-src 'self' blob:
< Permissions-Policy: accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), usb=()
< X-Frame-Options: sameorigin
< X-XSS-Protection: 1; mode=block
< X-Permitted-Cross-Domain-Policies: none
< Referrer-Policy: origin-when-cross-origin
< X-Content-Type-Options: nosniff
< WWW-Authenticate: Basic realm="OMD Monitoring"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
* Connection #0 to host localhost left intact

Raf · March 27, 2023, 1:09pm

I have exactly the same problem after changing user so it will stop complaining i am getting

12:57:58 ERROR An exception occured
Traceback (most recent call last):
  File "/omd/sites/mysite/lib/python3/cmk/cee/dcd/connectors/piggyback.py", line 229, in _execute_phase2
    cmk_hosts = self._web_api.get_all_hosts()
  File "/omd/sites/mysite/lib/python3/cmk/cee/dcd/web_api.py", line 224, in get_all_hosts
    resp = self._session.get("/domain-types/host_config/collections/all")
  File "/omd/sites/mysite/lib/python3.9/site-packages/requests/sessions.py", line 600, in get
    return self.request("GET", url, **kwargs)
  File "/omd/sites/stepit/lib/python3/cmk/cee/dcd/web_api.py", line 142, in request
    raise MKAPIError(f"{response.text} (URL: {url})")
cmk.cee.dcd.web_api.MKAPIError: {"title": "You need to be authenticated to use the REST API.", "status": 401} (URL: http://localhost:5000/mysite/check_mk/api/1.0/domain-types/host_config/collections/all)

Can someone help ?

Raf · March 27, 2023, 1:38pm

OK i think this can be closed , problem is that automation user cannot have password

“You create an automation user like a normal user, but do not assign a normal password, but instead an automation password (Automation secret). This password can be generated automatically with the random cube option:”

after selecting automation secret for machine account it stop throwing an error , i guess idea is that user doesn’t have to authenticate …

JoeDuog · June 12, 2023, 8:53am

how i can get this secret ?