Closed Artim96 closed 1 month ago
Hi, thanks for reporting!
ERROR: PDOException in /usr/share/icingaweb2/modules/setup/library/Setup/Utils/DbTool.php:477 with message: SQLSTATE[42710]: Duplicate object: 7 ERROR: Type »boolenum« already exists
According to the error message you seem to be using PostgreSQL and apparently you've already imported the schema
! Please try to connect to your existing database in the setup wizard Authentication Backend
section! I don't quite understand why this would happen though. Did you import the schema manually beforehand?
The authentication backend is supposed to be LDAP, as I did configure it in the wizard, not a database. And yes, I did have to import both the schema from /usr/share/icingadb/schema/pgsql/schema.sqland /usr/local/share/icinga2-ido-pgsql/schema/pgsql.sql. The icingadb setup usually fails when that schema isn't applied beforehand and the IDO setup explicitly requires setting up the schema, otherwise warning that the database doesn't have a schema.
Please try to connect to your existing database in the setup wizard
Authentication Backend
section!
Sorry! I mean the Database Resource
section by that not the auth backend.
And yes, I did have to import both the schema from /usr/share/icingadb/schema/pgsql/schema.sqland /usr/local/share/icinga2-ido-pgsql/schema/pgsql.sql.
That is not why the wizard is complaining about, Icinga Web 2 requires its own database and also provides its own schema and if you use the Icinga DB database in the wizard, it will then conflict with Icinga DB's schema. This is the reason why it fails to create the boolenum
type as Icinga DB does this on its own database.
That is not why the wizard is complaining about, Icinga Web 2 requires its own database and also provides its own schema and if you use the Icinga DB database in the wizard, it will then conflict with Icinga DB's schema. This is the reason why it fails to create the
boolenum
type as Icinga DB does this on its own database.
Then the wizard may not be precise enough, or the setup guide for icingadb isn't. At what point during the setup would I need to place which database in the config (one for icingadb, one for icinga-ido and now the one for icinga-web)?
I recommend reading this blog post as I cannot list all the steps of the wizard here.
If a user chooses the IDO we issue a warning: https://github.com/Icinga/icingaweb2/blob/ae9575e7e4763c792956c6623da88ca00a3accbc/modules/setup/application/forms/DbResourcePage.php#L132
We should probably do the same if it's the Icinga DB...
I recommend reading this blog post as I cannot list all the steps of the wizard here.
I'll have a look in the next days, thanks.
I recommend reading this blog post as I cannot list all the steps of the wizard here.
This helped. The package icingadb-web was missing. Adding this made Ido a separate, not needed option.
Now the setup is done, but logging in doesn't work. I configured LDAP as authentication backend and limited it to only members of a certain group. I obviously am a member of that group as it's also used for various other tasks. Also, for some reason, the icinga2.log still contains `[2024-04-08 10:59:09 +0200] information/IdoPgsqlConnection: Finished reconnecting to 'ido-pgsql' database 'icinga2' in 0.0857689 second(s).
Even though I didn't set up ido.
EDIT: the browser console is showing these errors: icinga.log
Could it be that enabling strict content policy in the wizard is causing these? If so, how do I solve the issue without needing to disable the strict content policiy?
Now the setup is done, but logging in doesn't work. I configured LDAP as authentication backend and limited it to only members of a certain group. I obviously am a member of that group as it's also used for various other tasks.
It's hard to guess what's going wrong when logging into Icinga Web 2, if you don't share the exact error you're experiencing.
lso, for some reason, the icinga2.log still contains `[2024-04-08 10:59:09 +0200] information/IdoPgsqlConnection: Finished reconnecting to 'ido-pgsql' database 'icinga2' in 0.0857689 second(s).
This is probably because you have already installed the icinga2-ido-pgsql
feature. If you do not want to use the IDO
in any way, then simply remove it apt remove icinga2-ido-pgsql
and reload the Icinga 2 service.
Now the setup is done, but logging in doesn't work. I configured LDAP as authentication backend and limited it to only members of a certain group. I obviously am a member of that group as it's also used for various other tasks.
It's hard to guess what's going wrong when logging into Icinga Web 2, if you don't share the exact error you're experiencing.
It simply claims username or password are incorrect. That's simply not possible.
I've now taken a further look. I can't see anything being wrong with the ldap config for icinga, also it did all pass the validations. But it looks like the ldap server is never contacted. When running slapd on the remote server with -d -1 (most verbose log level), it doesn't recognize any incomming connection from icinga. So no surprise icingaweb claims failed authentication.
Well, what do the Icinga Web 2 logs say? You will find the logs in the appropriate places depending on how you have configured your logs via Configuration -> Application -> Logging type
.
Well, what do the Icinga Web 2 logs say? You will find the logs in the appropriate places depending on how you have configured your logs via
Configuration -> Application -> Logging type
.
I obviously can't find it in the UI as I can't log in. The log file on the server doesn't say anything about it.
Well, what do the Icinga Web 2 logs say? You will find the logs in the appropriate places depending on how you have configured your logs via
Configuration -> Application -> Logging type
.I obviously can't find it in the UI as I can't log in. The log file on the server doesn't say anything about it.
You can also check the config in /etc/icingaweb2/config.ini
.
That doesn't provide any logs though. For logging I have these setting:
[logging]
log = "syslog"
level = "WARNING"
application = "icingaweb2"
facility = "user"
log = "syslog"
This indicates that Icinga Web 2 is sending its logs to syslog. You should be able to find the logs in /var/log/messages
or /var/log/syslog
.
Also I would set "DEBUG" as severity so that you can see what Icinga Web is trying to do in order to authenticate.
log = "syslog"
This indicates that Icinga Web 2 is sending its logs to syslog. You should be able to find the logs in
/var/log/messages
or/var/log/syslog
.
Can I force icingaweb to log to /var/log/icingaweb2/icingaweb2.log?
log = "syslog"
This indicates that Icinga Web 2 is sending its logs to syslog. You should be able to find the logs in
/var/log/messages
or/var/log/syslog
.
Nothing there, even with DEBUG. The only icinga-related lines are these:
2024-04-15T13:50:19.777331+02:00 maintenance icinga2[2281406]: [2024-04-15 13:50:19 +0200] information/cli: Icinga application loader (version: r2.14.2-1)
2024-04-15T13:50:19.780103+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/cli: Loading configuration file(s).
2024-04-15T13:50:19.836868+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Committing config item(s).
2024-04-15T13:50:19.842830+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ApiListener: My API identity: maintenance.fsmuw.rwth-aachen.de
2024-04-15T13:50:19.894252+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 2 NotificationCommands.
2024-04-15T13:50:19.894374+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 13 Notifications.
2024-04-15T13:50:19.894423+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 IcingaApplication.
2024-04-15T13:50:19.894476+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 2 HostGroups.
2024-04-15T13:50:19.894527+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 Host.
2024-04-15T13:50:19.894578+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 Downtime.
2024-04-15T13:50:19.894629+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 IcingaDB.
2024-04-15T13:50:19.894681+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 FileLogger.
2024-04-15T13:50:19.894732+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 3 Zones.
2024-04-15T13:50:19.894799+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 CheckerComponent.
2024-04-15T13:50:19.894855+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 User.
2024-04-15T13:50:19.894907+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 Endpoint.
2024-04-15T13:50:19.894958+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 ApiUser.
2024-04-15T13:50:19.895010+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 ApiListener.
2024-04-15T13:50:19.895056+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 NotificationComponent.
2024-04-15T13:50:19.895113+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 246 CheckCommands.
2024-04-15T13:50:19.895164+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 UserGroup.
2024-04-15T13:50:19.895215+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 3 ServiceGroups.
2024-04-15T13:50:19.895267+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 3 TimePeriods.
2024-04-15T13:50:19.895318+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 1 ScheduledDowntime.
2024-04-15T13:50:19.895370+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ConfigItem: Instantiated 12 Services.
2024-04-15T13:50:19.895421+02:00 maintenance icinga2[2281436]: [2024-04-15 13:50:19 +0200] information/ScriptGlobal: Dumping variables to file '/var/cache/icinga2/icing\
a2.vars'
2024-04-15T13:50:19.908109+02:00 maintenance icinga2[2281406]: [2024-04-15 13:50:19 +0200] information/cli: Closing console log.
log = "syslog"
This indicates that Icinga Web 2 is sending its logs to syslog. You should be able to find the logs in
/var/log/messages
or/var/log/syslog
.Can I force icingaweb to log to /var/log/icingaweb2/icingaweb2.log?
You can replace the [logging]
section in /etc/icingaweb2/config.ini
with the following config.
[logging]
log = "file"
level = "DEBUG"
file = "/var/log/icingaweb2/icingaweb2.log"
And make sure that the /var/log/icingaweb2/icingaweb2.log
file is writable by the web server user e.g. for Debian:
sudo mkdir /var/log/icingaweb2
sudo chmod -R o+w /var/log/icingaweb2/
Thanks. But still I can't get icingaweb to produce any logs.
Thanks. But still I can't get icingaweb to produce any logs.
Have you tried to log in once again after changing the config and log files?
Thanks. But still I can't get icingaweb to produce any logs.
Have you tried to log in once again after changing the config and log files?
obviously yes
Thanks. But still I can't get icingaweb to produce any logs.
Have you tried to log in once again after changing the config and log files?
obviously yes
Obviously it's not obvious to me, as I don't know exactly what steps you've taken and wouldn't be asking you such questions if it were that obvious. Anyway, if Icinga Web 2 is not logging anything, then it might not be trying to use LDAP as an authentication method at all. What does your /etc/icingaweb2/authentication.ini
config look like?
Obviously it's not obvious to me, as I don't know exactly what steps you've taken and wouldn't be asking you such questions if it were that obvious.
If you think it's not obvious, then it's on you. You obviously can't test if login is working without actually logging in. And you can't (neccessarily) expect logs when nothing can happen that could be logged.
Anyway, if Icinga Web 2 is not logging anything, then it might not be trying to use LDAP as an authentication method at all.
My point exactly, otherwise I should see that in the LDAP server logs, if it fails or not.
What does your
/etc/icingaweb2/authentication.ini
config look like?[icingaweb2] user_class = "inetOrgPerson" user_name_attribute = "uid" backend = "ldap" base_dn = "dc=domain,dc=de" domain = "auth.domain.de" // this is the full domain of the server that hosts the LDAP. If I remember correctly originally from the wizzard this only had the domain itself, without the "auth." part. But the result is the same either way. resource = "icingaweb_ldap"
Is there any other way to get any additional logs from icinga? There's just nothing received by the LDAP server.
Can you please show a screenshot of your Icinga Web 2 login page? Since you have domain = “auth.domain.de”
configured in your auth configuration, I suppose you are trying to authenticate in Icinga Web 2 as auth.domain.de\USERNAME
or USERNAME@auth.domain.de
as well?
Have you checked whether your ldap resource icingaweb_ldap
in /etc/icingaweb2/resources.ini
is also configured correctly?
Since you have domain = “auth.domain.de” configured in your auth configuration, I suppose you are trying to authenticate in Icinga Web 2 as auth.domain.de\USERNAME or USERNAME@auth.domain.de as well?
No. Why would I? Because with everything else that connects to this LDAP server, there's no need for that. So if that is actually necessary, it should be documented somewhere - I never came across this - and it's questionable if this should be needed when this is the only source for authentication set up.
Have you checked whether your ldap resource icingaweb_ldap in /etc/icingaweb2/resources.ini is also configured correctly?
As far as I can tell, yes.
The screenshot doesn't help, I was just looking to get the error message you are facing after you entered the correct credentials.
No. Why would I? Because with everything else that connects to this LDAP server, there's no need for that.
I don't know if it's required, I was just asking, but if it's not needed by your LDAP server, then just remove it from the config.
Can you also share the output of ls -la /etc/icingaweb2/
? Are the permissions for this directory set correctly?
That's all I get.
I don't know if it's required, I was just asking, but if it's not needed by your LDAP server, then just remove it from the config.
Good to know. I expected it to be necessary. This solves the issue, but I'll leave this open due to the changed title.
Describe the bug
After going through the icinga web setup and finishing the command transport setup I'm greeted with this error message:
There aren't any entries in icingaweb2 logs though. Now how do I fix this?
To Reproduce
Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include configuration, logs, etc. to reproduce, if relevant.
Your Environment
Include as many relevant details about the environment you experienced the problem in
icinga2 --version
): r2.14.2-1icinga2 feature list
):icinga2 daemon -C
):