[REST API] Activate changes not working: "Currently there are no changes to activate."

Troubleshooting
1

CMK version: 2.1.0p6
OS version: Ubuntu 20.04

Error message: {"title": "The operation has failed.", "status": 422, "detail": "Currently there are no changes to activate."}

I have a automation user called vhost-ctrl. With that user (Authorization: Bearer USER PASS) I write new rules.

After wriring rules, I want to activate the changes by posting {"redirect":false,"sites":[]} to /domain-types/activation_run/actions/activate-changes/invoke.

But the API responses with 422 - No changes to activate. Even without sending sites. Omitting sites should do changes in any site, per documentation. That is what I want to achieve. Specify the right sites does not work either.

But opening the GUI as cmkadmin clearly states the opposite:

grafik
grafik779×273 14.8 KB

What have I forgotten?

Headers for posting to the endpoint:

[
            "Authorization: Bearer USER PASS,
            'Content-Type: application/json'
        ]

Thanks in advance :slight_smile:

2

Does no one use activate changes via REST?

3

Still an issue with p11:

Exception 'Exception' with message 'Activation failed! {"title": "The operation has failed.", "status": 422, "detail": "Currently there are no changes to activate."}' but there are!

4

No change with p12.

/domain-types/activation_run/actions/activate-changes/invoke still returns {"title": "The operation has failed.", "status": 422, "detail": "Currently there are no changes to activate."} but thats not true:

Unbenannt
Unbenannt1254×404 64.2 KB

EDIT: No matter, if I post
{"redirect":false,"force_foreign_changes":false} or
{"redirect":false,"force_foreign_changes":true} or
{"redirect":false,"sites":[],"force_foreign_changes":true}.

5

Issue still persist with 2.1.0p13 :frowning:

6

Hi Robin, can you provide the exact API call you are performing?
Maybe a minimum working example of your code?

7

Hi Robin :slight_smile: Thanks for checking this one.

The request is posted in the initial post - but here again:

Endpoint: http://cmkserver/qlb/check_mk/api/1.0/domain-types/activation_run/actions/activate-changes/invoke
Method: POST
Headers: "Authorization: Bearer User:PW and Content-Type: application/json
Body: {"redirect":false,"sites":[],"force_foreign_changes":true} (tested with empty sites and specified site)

Code is a simple PHP curl one, nothing special.

8

Hi Robin, your call seems to be fine, it works in my environment.
This might be a permission issue. Is the user allowed to activate (foreign) changes?

9

Hi :slight_smile:

The user, who is calling the API:

grafik
grafik1291×38 3.29 KB

It is an admin user, so there should no permission issue.

Anything else, I could test?

10

@robin.gierse Something new? :slight_smile:

To be more clear - there are no foreign changes to activate, it just shows the webUI as cmkadmin. The mentioned vhost_ctrl user is the author of all changes and later CMK should apply its own changes.

So theoretically, foreign changes do not even come to play.

11

I have not seen this issue with other users or customers, so my gut still tells me, it is a local problem at your end. If it is still not resolved, I recommend opening a support ticket, as that enables us to take a look together. From the distance I cannot reproduce your problem in a fresh and current site. Can you? :thinking:

12

I had this issue and could fix it by adding a time.sleep(5) in my python hook:

def activate():
    time.sleep(5)
    request = {
        'redirect': False,
        'sites': [],
        'force_foreign_changes': True
    }
    session = create_session()
    resp = session.post("{}/domain-types/activation_run/actions/activate-changes/invoke".format(APIURL),
            headers={"Content-Type": 'application/json'}, json=request, allow_redirects=True)

    if resp.status_code in {200, 204}:
        return(resp.status_code)
    else:
        raise RuntimeError(pprint.pformat(resp.json()))
13

Like Robin, I have also used the API to successfully activate changes.

What variant of CheckMK are you using? Raw, Enterprise Free, full paid Enterprise, etc
Are you working with a distributed monitoring environment?

14

Thanks for the idea - but no, that does not helped either.

I tested again against p17 (CEE): No change. Even with sleep between changes and the activation. I still get:

Activating changes...No activation needed!
422: {"title": "The operation has failed.", "status": 422, "detail": "Currently there are no changes to activate."}

(All except the SJON string is part of my application).

So I assume I open a ticket.

Yes

15

Someone may have made a change on one or more of the distributed sites. If that happened and you are trying to activate changes on the primary site, then you could get this. All changes need to be made on the primary site and replicated down. As part of our best practices for our installs, we turn off WATO/Setup on the distributed sites.

1 Like
16

That is the case at our setup as well. As documented: all is done via primary site.

17

Some news:

The reason is the type of Auth against the API! Just tested:

Authorization: Bearer - Activation is NOT working
Authorization: Basic - Activation are working

Dont know how that can cause different behavior…

18

Were you using an API key or user:pass pair? the Bearer is typically API token from my off the top of my head memory and basic is u:p pair

19

Doesnt should make differences. The open ticket is already forwarded to dev because the support could partially reproduce the issue.

We‘ll see.

20

Hello,
I ran into exactly this Problem with CheckMK 2.1.0p19 (distributed Monitoring)
Could you ever resolve this?