Icinga2 Service fails when a service is created via the API for a host that doesn't exist

[kidzeivo]

Describe the bug

Adding a service to a host that does not exist in icinga2 via the api adds the service and causes the icinga2 to fail.

To Reproduce

Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include configuration, logs, etc. to reproduce, if relevant.

1. Send a put request to icinga2 api to add a service on a host that does not exist

   curl -k -u user:password -X PUT 'https://localhost:5665/v1/objects/services/hostname.com!ssh'  -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"templates":["service-template"],"attrs":{"check_command":"check_ssh","display_name":"SSH","vars":{"port":"22","notification_type":"email"}}}'

   Expected behavior

Icinga2 should error and not add the service causing icinga2 to fail.

{"results":[{"code":500.0,"errors":["Error: Validation failed for object 'hostname.com!ssh' of type 'Service'; Attribute 'host_name': Object 'hostname.com' of type 'Host' does not exist.\nLocation: in /var/lib/icinga2/api/packages/_api/localhost-1495214738-1/conf.d/services/hostname.com!ssh.conf: 6:2-6:37"],"status":"Object could not be created."}]

Your Environment

• Version used (icinga2 --version): *icinga2 - The Icinga 2 network monitoring daemon (version: r2.14.2-1)

Copyright (c) 2012-2024 Icinga GmbH (https://icinga.com/) License GPLv2+: GNU GPL version 2 or later https://gnu.org/licenses/gpl2.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

System information: Platform: Ubuntu Platform version: 22.04.4 LTS (Jammy Jellyfish) Kernel: Linux Kernel version: 5.15.0-100-generic Architecture: x86_64

Build information: Compiler: GNU 11.4.0 Build host: runner-hh8q3bz2-project-575-concurrent-0 OpenSSL version: OpenSSL 3.0.2 15 Mar 2022

Application information:

General paths: Config directory: /etc/icinga2 Data directory: /var/lib/icinga2 Log directory: /var/log/icinga2 Cache directory: /var/cache/icinga2 Spool directory: /var/spool/icinga2 Run directory: /run/icinga2

Old paths (deprecated): Installation root: /usr Sysconf directory: /etc Run directory (base): /run Local state directory: /var

Internal paths: Package data directory: /usr/share/icinga2 State path: /var/lib/icinga2/icinga2.state Modified attributes path: /var/lib/icinga2/modified-attributes.conf Objects path: /var/cache/icinga2/icinga2.debug Vars path: /var/cache/icinga2/icinga2.vars PID path: /run/icinga2/icinga2.pid

• Operating System and version: Distributor ID: Ubuntu Description: Ubuntu 22.04.4 LTS Release: 22.04 Codename: jammy

• Enabled features (icinga2 feature list): Disabled features: command compatlog debuglog elasticsearch gelf graphite influxdb influxdb2 journald livestatus notification opentsdb perfdata syslog Enabled features: api checker icingadb ido-mysql mainlog

• Icinga Web 2 version and modules (System - About): Icinga Web 2 Version 2.12.1 Git commit cd2daeb2cb8537c633d343a29eb76c54cd2ebbf2 PHP Version 8.3.4 Git commit date 2023-11-15 Get Icinga Support Icinga Community Report a bug Icinga Documentation Loaded Libraries icinga/icinga-php-library 0.13.1 icinga/icinga-php-thirdparty 0.12.1 Loaded Modules director 1.11.1 Configure icingadb 1.1.1 Configure incubator 0.22.0 Configure monitoring 2.12.1 Configure setup 2.12.1 Configure

• Config validation (icinga2 daemon -C): [2024-03-22 13:37:53 -0400] information/cli: Icinga application loader (version: r2.14.2-1) [2024-03-22 13:37:53 -0400] information/cli: Loading configuration file(s). [2024-03-22 13:37:53 -0400] information/ConfigItem: Committing config item(s). [2024-03-22 13:37:53 -0400] warning/ApiListener: Attribute 'key_path' for object 'api' of type 'ApiListener' is deprecated and should not be used. [2024-03-22 13:37:53 -0400] warning/ApiListener: Attribute 'ca_path' for object 'api' of type 'ApiListener' is deprecated and should not be used. [2024-03-22 13:37:53 -0400] warning/ApiListener: Attribute 'cert_path' for object 'api' of type 'ApiListener' is deprecated and should not be used. [2024-03-22 13:37:53 -0400] warning/ApiListener: Please read the upgrading documentation for v2.8: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/ [2024-03-22 13:37:53 -0400] information/ApiListener: My API identity: localhost [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule 'email-notification' (in /etc/icinga2/conf.d/notifications.conf: 77:1-77:54) for type 'Notification' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule 'apt' (in /etc/icinga2/conf.d/apt.conf: 1:0-1:18) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule 'ping6' (in /etc/icinga2/conf.d/services.conf: 34:1-34:21) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule '' (in /etc/icinga2/conf.d/services.conf: 57:1-57:65) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule '' (in /etc/icinga2/conf.d/services.conf: 65:1-65:53) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule 'icinga' (in /etc/icinga2/conf.d/services.conf: 73:1-73:22) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule 'load' (in /etc/icinga2/conf.d/services.conf: 81:1-81:20) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule 'procs' (in /etc/icinga2/conf.d/services.conf: 92:1-92:21) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule 'swap' (in /etc/icinga2/conf.d/services.conf: 100:1-100:20) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] warning/ApplyRule: Apply rule 'users' (in /etc/icinga2/conf.d/services.conf: 108:1-108:21) for type 'Service' does not match anywhere! [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 4 NotificationCommands. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 13 Notifications. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 IcingaApplication. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 3 Hosts. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 16 EventCommands. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 IcingaDB. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 FileLogger. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 IdoMysqlConnection. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 3 Zones. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 CheckerComponent. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 User. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 Endpoint. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 3 ApiUsers. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 ApiListener. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 313 CheckCommands. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 1 UserGroup. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 3 TimePeriods. [2024-03-22 13:37:53 -0400] information/ConfigItem: Instantiated 18 Services. [2024-03-22 13:37:53 -0400] information/ScriptGlobal: Dumping variables to file '/var/cache/icinga2/icinga2.vars' [2024-03-22 13:37:53 -0400] information/cli: Finished validating the configuration file(s).

[julianbrost]

Icinga2 should error and not add the service causing icinga2 to fail.

What exactly do you mean by fail?

{"results":[{"code":500.0,"errors":["Error: Validation failed for object 'hostname.com!ssh' of type 'Service'; Attribute 'host_name': Object 'hostname.com' of type 'Host' does not exist.\nLocation: in /var/lib/icinga2/api/packages/_api/localhost-1495214738-1/conf.d/services/hostname.com!ssh.conf: 6:2-6:37"],"status":"Object could not be created."}]

That looks like an error you'll receive as an API response when attempting to create a service on a non-existing host. What behavior would you expect instead?

[kidzeivo]

That is the error I received on an older version of icinga2 (icinga2 - The Icinga 2 network monitoring daemon (version: r2.10.5-1)). I expected the new version to behave the same.

[julianbrost]

So what exactly is the behavior with 2.14.2? I'm missing a description of that behavior, that's probably why I overlooked that you wrote this under "expected behavior".

[kidzeivo]

You should be able to recreate the bug if you run the following 2 commands:

1. Create a host via the API to a hostgroup that does not exist curl -k -u user:password -X PUT 'https://localhost:5665/v1/objects/hosts/hostname1' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"attrs":{"groups":["NoGroup"],"display_name":"hostname1","vars":{"host_name":"hostname1"}}, "templates":["generic-host"]}'

{"results":[{"code":500,"errors":["Error: Validation failed for object 'hostname1' of type 'Host'; Attribute 'groups': Object 'NoGroup' of type 'HostGroup' does not exist.\nLocation: in /var/lib/icinga2/api/packages/_api/e55a066a-19ab-4f1a-aa62-b2304fb5d858/conf.d/hosts/hostname1.conf: 5:2-5:23"],"status":"Object could not be

2. Create a service on the host above hostname1 even though it is not in icinga2 curl -k -u user:password -X PUT 'https://localhost:5665/v1/objects/services/hostname1!ssh' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"templates":["generic-service"],"attrs":{"check_command":"ssh","display_name":"SSH"}}' curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0

The service file is created in icinga2 even though host does not exist. This causes the icinga2 service to fail.

[development] /var/lib/icinga2/api/packages/_api/e55a066a-19ab-4f1a-aa62-b2304fb5d858/conf.d/services # ls 'hostname1!ssh.conf'

[yhabteab]

The service file is created in icinga2 even though host does not exist. This causes the icinga2 service to fail.

[development] /var/lib/icinga2/api/packages/_api/e55a066a-19ab-4f1a-aa62-b2304fb5d858/conf.d/services # ls 'hostname1!ssh.conf

The config in that file should have something like object Service "ssh" ignore_on_error { which tells the Icinga 2 service not to fail/crash if the object could not be loaded/created successfully, and that file will be removed the next time the Icinga 2 service is reloaded/restarted. So, if your Icinga 2 service fails to start, it is definitely not due to this misconfigured config/file and it would also be helpful if you would share the errors you received when starting Icinga 2 instead of just saying This causes the Icinga 2 service to fail.

[yhabteab]

No reaction from OP, so I'm closing it!