RAW: Recurring scheduled downtimes workaround using rest api, bash & cron

Following workaround for raw users might be a no no to share, since recurring scheduled downtimes is an enterprise feature. If indeed not appreciated, just remove the topic.

Warning: I am a newbie regarding rest api, bash scripting & cron so following might be done better or may impose risks. But made this today, tested it and seems to be working. (-:

Using Checkmk Raw Edition 2.1.0p5 on Ubuntu 20.04.

Based on Help | Developer resources | REST API Documentation | Downtimes | Create a host related scheduled downtime, I adjusted the code example in following bash script. I named it downtime.sh


#!/bin/bash
# bash downtime.sh host "start datetime string" "stop datetime string" "comment"
DT_HOST=$1
DT_START=$2
DT_STOP=$3
DT_TXT=$4

HOST_NAME="[chkmk_host]"
SITE_NAME="[site]"
API_URL="http://$HOST_NAME/$SITE_NAME/check_mk/api/1.0"

USERNAME="[user]"
PASSWORD="[password]"

# This schema has multiple variations. Please refer to the
# 'Payload' section for details.
http --ignore-stdin POST "$API_URL/domain-types/downtime/collections/host" \
    "Authorization: Bearer $USERNAME $PASSWORD" \
    "Accept: application/json" \
    'Content-Type:application/json' \
    start_time=$(date -Is --date="$DT_START") \
    end_time=$(date -Is --date="$DT_STOP") \
    recur='fixed' \
    duration='0' \
    comment="$DT_TXT" \
    downtime_type='host' \
    host_name=$DT_HOST \

In above script change [chkmk_host], [site], [user] and [password] for the values on your server. During testing, I used the main adminstrator account. You might want to make a seperate user for it, since password is readable in script.

Package httpie wasn’t installed on my server, so I had to do that first.

$(date -Is --date="$DT_START") makes it possible to feed script human readable date time strings and have it converted in ISO 8601 format.

--ignore-stdin was added to http due to following error when I tried to run script from cron:
http: error: Request body (from stdin or a file) and request data (key=value) cannot be mixed. Pass --ignore-stdin to let key/value take priority.

Running it from command you might get errors as output, but in cron no go, so following command is used to run script and log the output:
bash /pathto/script/downtime.sh host "next Friday 06:30" "next Friday 17:30" "downtime comment" >> /pathto/log/downtime.log 2>&1

And in cron, I used crontab of root during testing, scheduled for every Sunday afternoon, calling script scheduling the downtime for coming week:
0 13 * * sun bash /pathto/script/downtime.sh host "next Friday 06:30" "next Friday 17:30" "downtime comment" >> /pathto/log/downtime.log 2>&1

Script might be expanded by also adding duration and downtime_type as arguments, but I had no use for it now, so skipped that. Adding recur has no use for raw, since enterprise is needed to use anything other than fixed value.

Enjoy!

1 Like

After creation of above script I secured webinterface with https.
So ‘suddenly’ my script wasn’t working anymore and my log filled with redirect messages:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://[chkmk_host]/[site]/check_mk/api/1.0/domain-types/downtime/collections/host">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at localhost Port 80</address>
</body></html>

So, in script you should at least change API_URL="http:// into API_URL="https:// if you got your webinterface secured.

Also some additional arguments to http package, what I am trying to figure out at the moment… (-:

SSL flavours
Various flavours with SSL are possible: ignoring, official and self signed certification. Also the certification can be bundled. Below flavours are with unbundled certification.
Maybe a future version have the various flavours including no SSL combined in 1 bash script, but my bash scripting knowledge is not there yet.

Ignoring certification
Tested and working on my server.


#!/bin/bash
# bash downtime.sh host "start datetime string" "stop datetime string" "comment"
DT_HOST=$1
DT_START=$2
DT_STOP=$3
DT_TXT=$4

HOST_NAME="[chkmk_host]"
SITE_NAME="[site]"
API_URL="https://$HOST_NAME/$SITE_NAME/check_mk/api/1.0"

USERNAME="[user]"
PASSWORD="[password]"

# This schema has multiple variations. Please refer to the
# 'Payload' section for details.
http --ignore-stdin --verify=false POST "$API_URL/domain-types/downtime/collections/host" \
    "Authorization: Bearer $USERNAME $PASSWORD" \
    "Accept: application/json" \
    'Content-Type:application/json' \
    start_time=$(date -Is --date="$DT_START") \
    end_time=$(date -Is --date="$DT_STOP") \
    recur='fixed' \
    duration='0' \
    comment="$DT_TXT" \
    downtime_type='host' \
    host_name=$DT_HOST \

Changes compared to original:

  • API_URL="http changed into API_URL="https
  • http --ignore-stdin POST changed into http --ignore-stdin --verify=false POST

Official certification
Untested but should be working according to docs of module HTTPie.


#!/bin/bash
# bash downtime.sh host "start datetime string" "stop datetime string" "comment"
DT_HOST=$1
DT_START=$2
DT_STOP=$3
DT_TXT=$4

HOST_NAME="[chkmk_host]"
SITE_NAME="[site]"
API_URL="https://$HOST_NAME/$SITE_NAME/check_mk/api/1.0"
SSL_CRT="/[pathtoclientcertification].crt"
SSL_KEY="/[pathtoclientcertificationkey].key"

USERNAME="[user]"
PASSWORD="[password]"

# This schema has multiple variations. Please refer to the
# 'Payload' section for details.
http --ignore-stdin --cert=$SSL_CRT --cert-key=$SSL_KEY POST "$API_URL/domain-types/downtime/collections/host" \
    "Authorization: Bearer $USERNAME $PASSWORD" \
    "Accept: application/json" \
    'Content-Type:application/json' \
    start_time=$(date -Is --date="$DT_START") \
    end_time=$(date -Is --date="$DT_STOP") \
    recur='fixed' \
    duration='0' \
    comment="$DT_TXT" \
    downtime_type='host' \
    host_name=$DT_HOST \

Change [pathtoclientcertification] and [pathtoclientcertificationkey] to path with file for the client side SSL certification and key.

Changes compared to Ignoring certification:

  • added lines starting with SSL_CRT and SSL_KEY
  • http --ignore-stdin --verify=false POST changed into http --ignore-stdin --cert=$SSL_CRT --cert-key=$SSL_KEY POST

Self signed certification
Module HTTPie needs the CA certification crt file to verify self signed certificates.
Tested and working on my server.


#!/bin/bash
# bash downtime.sh host "start datetime string" "stop datetime string" "comment"
DT_HOST=$1
DT_START=$2
DT_STOP=$3
DT_TXT=$4

HOST_NAME="[chkmk_host]"
SITE_NAME="[site]"
API_URL="https://$HOST_NAME/$SITE_NAME/check_mk/api/1.0"
SSL_CRT="/[pathtoclientcertification].crt"
SSL_KEY="/[pathtoclientcertificationkey].key"
SSL_CA="/[pathtocacertification].crt"

USERNAME="[user]"
PASSWORD="[password]"

# This schema has multiple variations. Please refer to the
# 'Payload' section for details.
http --ignore-stdin --verify=$SSL_CA --cert=$SSL_CRT --cert-key=$SSL_KEY POST "$API_URL/domain-types/downtime/collections/host" \
    "Authorization: Bearer $USERNAME $PASSWORD" \
    "Accept: application/json" \
    'Content-Type:application/json' \
    start_time=$(date -Is --date="$DT_START") \
    end_time=$(date -Is --date="$DT_STOP") \
    recur='fixed' \
    duration='0' \
    comment="$DT_TXT" \
    downtime_type='host' \
    host_name=$DT_HOST \

Change [pathtocacertification] to path with file for the CA SSL certification.

Changes compared to Official certification:

  • added line starting with SSL_CA
  • http --ignore-stdin --cert changed into http --ignore-stdin --verify=$SSL_CA --cert