Hello Everyone,
since there is a need to register the agents at the Server for checkmk 2.1.0, I wanted to do that with an automation user and ansible.
I cannot really find any documentation on which permissions are needed at a minimum to allow registration with a automation user.
I already had one set up for registering agents for updates, but seems to be not enough.
After getting the error: Request failed with code 403 Forbidden: You do not have the permission for agent pairing.
I added the agent pairing permission to the role.
This still does not seem to work, but now I just get a 500 error. When checking the error logs from the Site’s Apache, this comes up:
[Mon May 30 14:34:18.777028 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] mod_wsgi (pid=1590888): Exception occurred processing WSGI script '/omd/sites/office_int/share/check_mk/web/app/index.wsgi'.
[Mon May 30 14:34:18.777992 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] Traceback (most recent call last):
[Mon May 30 14:34:18.778165 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/applications/rest_api.py", line 483, in _wsgi_app
[Mon May 30 14:34:18.778222 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] return wsgi_app(environ, start_response)
[Mon May 30 14:34:18.778285 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/applications/rest_api.py", line 240, in __call__
[Mon May 30 14:34:18.778334 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] wsgi_app = self.endpoint.wrapped(ParameterDict(path_args))
[Mon May 30 14:34:18.778378 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/plugins/openapi/restful_objects/decorators.py", line 809, in _wrapper
[Mon May 30 14:34:18.778413 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] response = func(param)
[Mon May 30 14:34:18.778469 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/plugins/openapi/restful_objects/decorators.py", line 695, in _validating_wrapper
[Mon May 30 14:34:18.778519 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] response = self.func(_params)
[Mon May 30 14:34:18.778566 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/plugins/openapi/endpoints/host_internal.py", line 70, in link_with_uuid
[Mon May 30 14:34:18.778613 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] host = _check_host_editing_permissions(host_name := params["host_name"])
[Mon May 30 14:34:18.778673 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/plugins/openapi/endpoints/host_internal.py", line 32, in _check_host_editing_permissions
[Mon May 30 14:34:18.778736 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] host.need_permission("write")
[Mon May 30 14:34:18.778783 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/watolib/hosts_and_folders.py", line 191, in need_permission
[Mon May 30 14:34:18.778816 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] self._user_needs_permission(how)
[Mon May 30 14:34:18.778882 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/watolib/hosts_and_folders.py", line 3320, in _user_needs_permission
[Mon May 30 14:34:18.778931 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] user.need_permission("wato.edit_hosts")
[Mon May 30 14:34:18.778975 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/utils/logged_in.py", line 380, in need_permission
[Mon May 30 14:34:18.779009 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] if not self.may(pname):
[Mon May 30 14:34:18.779054 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/utils/logged_in.py", line 369, in may
[Mon May 30 14:34:18.779087 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] raise PermissionError(
[Mon May 30 14:34:18.779140 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] PermissionError: Required permissions not declared for this endpoint.
[Mon May 30 14:34:18.779179 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] Endpoint: <Endpoint cmk.gui.plugins.openapi.endpoints.host_internal:link_with_uuid>
[Mon May 30 14:34:18.779200 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] Permission: wato.edit_hosts
[Mon May 30 14:34:18.779222 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] Used permission: {'wato.edit_hosts', 'wato.all_folders'}
[Mon May 30 14:34:18.779250 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] Declared: {wato.all_folders}
[Mon May 30 14:34:18.779279 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756]
[Mon May 30 14:34:18.779340 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756]
[Mon May 30 14:34:18.779382 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] During handling of the above exception, another exception occurred:
[Mon May 30 14:34:18.779402 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756]
[Mon May 30 14:34:18.779431 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] Traceback (most recent call last):
[Mon May 30 14:34:18.779552 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/profiling.py", line 74, in __call__
[Mon May 30 14:34:18.779591 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] return app(environ, start_response)
[Mon May 30 14:34:18.779620 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/middleware.py", line 19, in __call__
[Mon May 30 14:34:18.779646 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] response = self.app(environ, start_response)
[Mon May 30 14:34:18.779688 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/middleware.py", line 36, in _add_apache_env
[Mon May 30 14:34:18.779718 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] return app(environ, start_response)
[Mon May 30 14:34:18.779755 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/routing.py", line 91, in router
[Mon May 30 14:34:18.779788 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] return endpoint(environ, start_response)
[Mon May 30 14:34:18.779829 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3.9/site-packages/werkzeug/middleware/proxy_fix.py", line 187, in __call__
[Mon May 30 14:34:18.779915 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] return self.app(environ, start_response)
[Mon May 30 14:34:18.779957 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/middleware.py", line 54, in __call__
[Mon May 30 14:34:18.779992 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] return self.wsgi_app(environ, start_response)
[Mon May 30 14:34:18.780035 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/middleware.py", line 61, in wsgi_app
[Mon May 30 14:34:18.780073 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] return self.app(environ, start_response)
[Mon May 30 14:34:18.780103 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/wsgi/applications/rest_api.py", line 528, in _wsgi_app
[Mon May 30 14:34:18.780132 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] if user.may("general.see_crash_reports"):
[Mon May 30 14:34:18.780171 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3.9/site-packages/werkzeug/local.py", line 432, in __get__
[Mon May 30 14:34:18.780201 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] obj = instance._get_current_object()
[Mon May 30 14:34:18.780238 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3.9/site-packages/werkzeug/local.py", line 554, in _get_current_object
[Mon May 30 14:34:18.780268 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] return self.__local() # type: ignore
[Mon May 30 14:34:18.780307 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] File "/omd/sites/office_int/lib/python3/cmk/gui/globals.py", line 124, in _lookup_req_object
[Mon May 30 14:34:18.780351 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] raise RuntimeError("Working outside of request context.")
[Mon May 30 14:34:18.780397 2022] [wsgi:error] [pid 1590888] [client 127.0.0.1:60756] RuntimeError: Working outside of request context.
This still sounds like some permission issue to me.
When I use the cmkadmin user, the registration succeeds.
Thanks for any hints regarding this issue!
CMK version: 2.1.0 cee
OS version: Ubuntu 20.04.3