MISP Connector failing to connect when using docker swarm

[blockanz]

Description

I am playing around with using a docker swarm instead of a single node. Successfully imported my environment variables and .yml file into portainer and deployed the swarm. For some reason I am seeing the following errors when MISP connector is trying to connect to my MISP server (which worked fine on a single node not in swarm config).

ERROR Something went wrong (403): {'name': 'Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.', 'message': 'Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.', 'url': '/servers/getVersion'} | timestamp=2024-04-25T22:16:50.552370Z name=pymisp /usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py:1103: InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.16.105'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings warnings.warn( ERROR Something went wrong (403): {'name': 'Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.', 'message': 'Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.', 'url': '/servers/getPyMISPVersion.json'} | timestamp=2024-04-25T22:16:50.570359Z name=pymisp /usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py:1103: InsecureRequestWarning: Unverified HTTPS request is being made to host '192.168.16.105'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings warnings.warn( ERROR Something went wrong (403): {'name': 'Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.', 'message': 'Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.', 'url': '/users/view/me'} | timestamp=2024-04-25T22:16:50.590742Z name=pymisp Terminated

Environment

1. OS - UBUNTU 22.04
2. OpenCTI version: 6.0.10
3. OpenCTI client: frontend
4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

1. Import docker-compose.yml to portainer
2. import .env to portainer
3. deploy stack across 3 nodes with portainer

Additional information

Below is my yml for MISP

connector-misp: image: opencti/connector-misp:6.0.10 environment:

• OPENCTI_URL=http://192.168.16.80:8080
• OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
• CONNECTOR_ID=${CONNECTOR_MISP_ID}
• CONNECTOR_TYPE=EXTERNAL_IMPORT
• CONNECTOR_NAME=MISP
• CONNECTOR_SCOPE=misp
• CONNECTOR_CONFIDENCE_LEVEL=25
• CONNECTOR_UPDATE_EXISTING_DATA=true
• CONNECTOR_LOG_LEVEL=error
• MISP_URL=https://192.168.16.105
• MISP_KEY=${CONNECTOR_MISP_API}
• MISP_SSL_VERIFY=false
• MISP_DATETIME_ATTRIBUTE=timestamp
• MISP_CREATE_REPORTS=true
• MISP_CREATE_OBSERVABLES=true
• MISP_CREATE_OBJECT_OBSERVABLES=true
• MISP_CREATE_TAGS_AS_LABELS=true
• MISP_IMPORT_WITH_ATTACHMENTS=true
• MISP_CREATE_INDICATORS=true
• MISP_REPORT_CLASS=MISP Event
• MISP_IMPORT_FROM_DATE=2024-02-01
• MISP_IMPORT_TAGS=opencti:import,type:OSINT,osint:source-type="block-or-filter-list",OSINT,circl:incident-classification="phishing",Phishing,veris:action:social.variety="Phishing",c2,hostname,ip
• MISP_INTERVAL=90 restart: always depends_on:
• opencti

[blockanz]

Ignore above. Somehow an additional character was imported with my config which was appended to my API key. Removing that has resolved the issue