search

Icinga / icinga2

The core of our monitoring platform with a powerful configuration language and REST API.
https://icinga.com/docs/icinga2/latest
GNU General Public License v2.0
1.98k stars 570 forks source link

Icinga2 Service fails when a service is created via the API for a host that doesn't exist #10031

Open kidzeivo opened 3 months ago

kidzeivo commented 3 months ago

Describe the bug

Adding a service to a host that does not exist in icinga2 via the api adds the service and causes the icinga2 to fail.

To Reproduce

Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include configuration, logs, etc. to reproduce, if relevant.

  1. Send a put request to icinga2 api to add a service on a host that does not exist 
    curl -k -u user:password -X PUT 'https://localhost:5665/v1/objects/services/hostname.com!ssh'  -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"templates":["service-template"],"attrs":{"check_command":"check_ssh","display_name":"SSH","vars":{"port":"22","notification_type":"email"}}}'

    Expected behavior

Icinga2 should error and not add the service causing icinga2 to fail.

{"results":[{"code":500.0,"errors":["Error: Validation failed for object 'hostname.com!ssh' of type 'Service'; Attribute 'host_name': Object 'hostname.com' of type 'Host' does not exist.\nLocation: in /var/lib/icinga2/api/packages/_api/localhost-1495214738-1/conf.d/services/hostname.com!ssh.conf: 6:2-6:37"],"status":"Object could not be created."}]

Your Environment

Copyright (c) 2012-2024 Icinga GmbH (https://icinga.com/) License GPLv2+: GNU GPL version 2 or later https://gnu.org/licenses/gpl2.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

System information: Platform: Ubuntu Platform version: 22.04.4 LTS (Jammy Jellyfish) Kernel: Linux Kernel version: 5.15.0-100-generic Architecture: x86_64

Build information: Compiler: GNU 11.4.0 Build host: runner-hh8q3bz2-project-575-concurrent-0 OpenSSL version: OpenSSL 3.0.2 15 Mar 2022

Application information:

General paths: Config directory: /etc/icinga2 Data directory: /var/lib/icinga2 Log directory: /var/log/icinga2 Cache directory: /var/cache/icinga2 Spool directory: /var/spool/icinga2 Run directory: /run/icinga2

Old paths (deprecated): Installation root: /usr Sysconf directory: /etc Run directory (base): /run Local state directory: /var

Internal paths: Package data directory: /usr/share/icinga2 State path: /var/lib/icinga2/icinga2.state Modified attributes path: /var/lib/icinga2/modified-attributes.conf Objects path: /var/cache/icinga2/icinga2.debug Vars path: /var/cache/icinga2/icinga2.vars PID path: /run/icinga2/icinga2.pid

julianbrost commented 3 months ago

Icinga2 should error and not add the service causing icinga2 to fail.

What exactly do you mean by fail?

{"results":[{"code":500.0,"errors":["Error: Validation failed for object 'hostname.com!ssh' of type 'Service'; Attribute 'host_name': Object 'hostname.com' of type 'Host' does not exist.\nLocation: in /var/lib/icinga2/api/packages/_api/localhost-1495214738-1/conf.d/services/hostname.com!ssh.conf: 6:2-6:37"],"status":"Object could not be created."}]

That looks like an error you'll receive as an API response when attempting to create a service on a non-existing host. What behavior would you expect instead?

kidzeivo commented 3 months ago

That is the error I received on an older version of icinga2 (icinga2 - The Icinga 2 network monitoring daemon (version: r2.10.5-1)). I expected the new version to behave the same.

julianbrost commented 3 months ago

So what exactly is the behavior with 2.14.2? I'm missing a description of that behavior, that's probably why I overlooked that you wrote this under "expected behavior".

kidzeivo commented 3 months ago

You should be able to recreate the bug if you run the following 2 commands:

  1. Create a host via the API to a hostgroup that does not exist curl -k -u user:password -X PUT 'https://localhost:5665/v1/objects/hosts/hostname1' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"attrs":{"groups":["NoGroup"],"display_name":"hostname1","vars":{"host_name":"hostname1"}}, "templates":["generic-host"]}'

{"results":[{"code":500,"errors":["Error: Validation failed for object 'hostname1' of type 'Host'; Attribute 'groups': Object 'NoGroup' of type 'HostGroup' does not exist.\nLocation: in /var/lib/icinga2/api/packages/_api/e55a066a-19ab-4f1a-aa62-b2304fb5d858/conf.d/hosts/hostname1.conf: 5:2-5:23"],"status":"Object could not be

  1. Create a service on the host above hostname1 even though it is not in icinga2 curl -k -u user:password -X PUT 'https://localhost:5665/v1/objects/services/hostname1!ssh' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"templates":["generic-service"],"attrs":{"check_command":"ssh","display_name":"SSH"}}' curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0

The service file is created in icinga2 even though host does not exist. This causes the icinga2 service to fail.

[development] /var/lib/icinga2/api/packages/_api/e55a066a-19ab-4f1a-aa62-b2304fb5d858/conf.d/services # ls 'hostname1!ssh.conf'

yhabteab commented 2 months ago

The service file is created in icinga2 even though host does not exist. This causes the icinga2 service to fail.

[development] /var/lib/icinga2/api/packages/_api/e55a066a-19ab-4f1a-aa62-b2304fb5d858/conf.d/services # ls 'hostname1!ssh.conf

The config in that file should have something like object Service "ssh" ignore_on_error { which tells the Icinga 2 service not to fail/crash if the object could not be loaded/created successfully, and that file will be removed the next time the Icinga 2 service is reloaded/restarted. So, if your Icinga 2 service fails to start, it is definitely not due to this misconfigured config/file and it would also be helpful if you would share the errors you received when starting Icinga 2 instead of just saying This causes the Icinga 2 service to fail.