Jira ITSM Notification

leosmarek · April 10, 2022, 5:25am

Hello all,
We wanted to integrate CheckMK with Jira as alert destination. However, the plugin offers only Basic authentication which was deprecated by Jira and its no longer usable.
Is there any way/plan to upgrade the integration?

Thanks

andreas-doehler · April 10, 2022, 3:44pm

I don’t know what’s planned from the Munich team but you can fix it easily for yourself in the meantime.

Inside the “jira_issues.py” you can find two lines →

basic_auth=(context['PARAMETER_USERNAME'], context['PARAMETER_PASSWORD'])

if they are changed to

token_auth=('email', 'API token')

if cloud hosted or without the ‘email’ parameter if self hosted.

leosmarek · April 11, 2022, 4:29am

Hi,
not sure if I understand correctly, this is what I did. In /opt/omd/versions/2.0.0p17.cfe/lib/python3/cmk/cee/notification_plugins/jira_issues.py I have changed these lines to your suggestion

if "PARAMETER_IGNORE_SSL" in context:
        sys.stdout.write("Unverified HTTPS request warnings are ignored. Use with caution.\n")
        jira = JIRA(server=context['PARAMETER_URL'],
                    token_auth=('email', 'API token')
                    options={'verify': False})
    else:
        jira = JIRA(server=context['PARAMETER_URL'],
                    token_auth=('email', 'API token')

but the GUI still asks for username and password. When I enter email and API key, the notification fails with Syntax error.

What am I missing?
Thanks

andreas-doehler · April 11, 2022, 5:31am

If you modified the code as shown then it will not work. You need to “hard code” your email and your API token. Inside the GUI the username and password are not relevant anymore, you can use what you want there.
I have found here at the Jira module documentation 2. Examples — jira-python 3.1.2.dev46+g97ed6d7 documentation
some good information, for Jira cloud you should use the “basic_auth= (username, api_token)”

If this is like it is written there, you can keep the original code version and only have to use the “api_token” instead of the old password.

leosmarek · April 11, 2022, 5:55am

Thanks, ill try that later. Basic authentication was deprecated by Jira already
https://developer.atlassian.com/cloud/confluence/deprecation-notice-basic-auth/

leosmarek · April 11, 2022, 6:40am

If I do it like this

if "PARAMETER_IGNORE_SSL" in context:
        sys.stdout.write("Unverified HTTPS request warnings are ignored. Use with caution.\n")
        jira = JIRA(server=context['PARAMETER_URL'],
                    auth_jira = JIRA(basic_auth=('xxx@hotmail.com', 'xxx')),
                    options={'verify': False})
    else:
        jira = JIRA(server=context['PARAMETER_URL'],
                    auth_jira = JIRA(basic_auth=('xxx@hotmail.com', 'xxxx'))

I still get invalid syntax… Sorry a bit newbie here with this

andreas-doehler · April 11, 2022, 6:44am

Only basic_auth with username and password.
In the article is written you should use basic_auth with username and API token.

leosmarek · April 11, 2022, 7:09am

Next point says it might also by the way I posted… anyway, tried, syntax error.
Let me try that again later from scratch.

Thanks so far.

elias.voelker · April 11, 2022, 7:54am

At the risk of saying something stupid: But that deprecation notice talks only about Confluence. Does it affect other Jira products as well?

andreas-doehler · April 11, 2022, 8:02am

@elias.voelker
this Deprecation notice - Basic authentication with passwords and cookie-based authentication is the same notice for Jira

Marius_Pana2 · April 15, 2022, 9:05am

Hi,

I understand their deprecation and their recommendation:

For Jira Cloud use the basic_auth= (username, api_token) authentication

I’ve done that, as well as adding skip SSL verification yet we still get the following:

2022-04-15 08:45:50,092 [20] [cmk.base.notify]      Output: WARNING:root:HTTPSConnectionPool(host='spearheads.atlassian.net', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))) while doing GET https://spearheads.atlassian.net/rest/api/2/serverInfo [{'params': None, 'headers': {'User-Agent': 'python-requests/2.27.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json,*.*;q=0.9', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json', 'X-Atlassian-Token': 'no-check'}}]
2022-04-15 08:45:50,093 [20] [cmk.base.notify]      Output: WARNING:root:Got ConnectionError [HTTPSConnectionPool(host='spearheads.atlassian.net', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))] errno:None on GET https://spearheads.atlassian.net/rest/api/2/serverInfo
2022-04-15 08:45:50,093 [20] [cmk.base.notify]      Output: {'response': None, 'request': <PreparedRequest [GET]>}\{'response': None, 'request': <PreparedRequest [GET]>}
2022-04-15 08:45:50,093 [20] [cmk.base.notify]      Output: WARNING:root:Got recoverable error from GET https://spearheads.atlassian.net/rest/api/2/serverInfo, will retry [2/3] in 28.688452525872815s. Err: HTTPSConnectionPool(host='spearheads.atlassian.net', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

Ive also updated to use mozilla latest cacerts, hardcoded verify=False in all calls with the same result. On other systems we get wonky errors such as 400 b, etc. We never had luck with the Jira or Opsgenie notifications on any platform so we used the following which I highly recommend although it is bit more work to get working, Hoewever, once it is in place it is extremely low to no maintenance and quite flexible.

Option 1 if you have opsgenie:

We found that using the official Atlassian opsgenie integration works and if using ITSM/JSM cloud products we can integrate opsgenie with jira and get notification/alerting/incident management working.

Option 2
Create a notification script that uses the rest api (v2) and create siple curl calls. Their documentation does a decent job here, you just need to create the shell script and add your own variables.

Cheers

cjcox · April 18, 2022, 4:08pm

Can’t speak for this checkmk plugin, but I make Jira requests from python code all the time. But… it’s with api v3, not v2.

Url maybe needs to be something like: https://spearheads.atlassian.net/rest/api/3/…

leosmarek · October 11, 2022, 6:53pm

Hi,
didnt have time for this topic for a while.
Would you happen to have some alert script that you could share? Not rly a python guy and dont want to reinvent the wheel as well.
Cheers

cjcox · October 11, 2022, 7:36pm

We don’t do what you’re asking, just making a comment that I could probably do this.

To make Jira requests you have to get an api token. These are done on a per user a basis and when making a Jira api call you would use this in basic auth for the password.

In Atlassian Jira, go to your account Manage Your Account → Security and you’ll see where you can create an API token.

leosmarek · October 13, 2022, 3:30am

Sorry, then I misunderstood your previous comment. I though you already have something that could be just copy/pasted.
Yea I know how to work with Jira. I tried to make this work with the built in notification for Jira but it failed.
Will give it another try and if needed ask for help.
Thanks

foobar · October 13, 2022, 7:34am

Any plans to fix it? Seems to be still not fixed

shresu · March 3, 2023, 3:02am

Is this issue still ongoing? I tried to integrate Jira in Check MK CEE but couldn’t enter the api.

system · March 2, 2024, 3:02am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.