search

bb-Ricardo / check_redfish

A monitoring/inventory plugin to check components and health status of systems which support Redfish. It will also create a inventory of all components of a system.
MIT License
110 stars 30 forks source link

Tunnel connection failed: 403 forbidden #78

Closed s-blottk closed 2 years ago

s-blottk commented 2 years ago

Hello,

the following error occurs when using this script with Icinga2:

2022-02-28 17:40:57,​027 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:57,​028 - DEBUG: HTTP REQUEST: GET
    PATH: /redfish/v1/
    BODY: None
2022-02-28 17:40:57,​028 - INFO: Attempt 1 of /redfish/v1/
2022-02-28 17:40:57,​063 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:40:58,​065 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:58,​065 - DEBUG: HTTP REQUEST: GET
    PATH: /redfish/v1/
    BODY: None
2022-02-28 17:40:58,​065 - INFO: Attempt 2 of /redfish/v1/
2022-02-28 17:40:58,​083 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:40:59,​089 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:59,​090 - DEBUG: HTTP REQUEST: GET
    PATH: /redfish/v1/
    BODY: None
2022-02-28 17:40:59,​090 - INFO: Attempt 3 of /redfish/v1/
2022-02-28 17:40:59,​245 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:41:00,​252 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:41:00,​252 - DEBUG: HTTP REQUEST: GET
    PATH: /redfish/v1/
    BODY: None
2022-02-28 17:41:00,​252 - INFO: Attempt 4 of /redfish/v1/
2022-02-28 17:41:00,​267 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:41:01,​272 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
[CRITICAL]: Unable to connect to Host '10.116.246.168', max retries exhausted.

Each service check fails with Unable to connect to Host '', max retries exhausted.

Service check and check commands have been copied from here: https://github.com/bb-Ricardo/check_redfish/blob/master/contrib/icinga2_check_redfish_command.conf https://github.com/bb-Ricardo/check_redfish/blob/master/contrib/icinga2_hw_service_checks_example.conf

Usually I am using the Nagios "check_ilo2_health" (https://exchange.nagios.org/directory/Plugins/Hardware/Server-Hardware/HP-(Compaq)/check_ilo2_health/details) but since iLO version 5 it does not work that well anymore.

All dependencies have been installed on the CentOS 7 system.

Host to be queried is a HPE XL190r Gen10 on ILO 5 (2.55)

The Icinga2 VM can ping the HPE machine, so network shouldn't be the problem.

I tried to implement this code line in the python script, but it did not solve the issue: os.environ['no_proxy'] = "*"

bb-Ricardo commented 2 years ago

Hi,

So there is a proxy configured but you want to connect directly to the machines? Did I understand that correctly?

Is there a proxy configured in the environment? Did you try to unset the proxy variables?

s-blottk commented 2 years ago

Hello Ricardo,

correct, I want to connect directly to the machine. Even when the http_proxy and https_proxy get unset, the same error message occurs.

It is very interesting that the queries do function when they get executed on the CLI:

root@icinga2:/usr/lib64/nagios/plugins/check_mk>>/usr/lib64/nagios/plugins/check_redfish/check_redfish.py -H 10.116.246.168 -u USERNAME-p PW--power [OK]: Chassi 1 : All power supplies (2) are in good condition [OK]: Chassi enclosurechassis : All power supplies (2) are in good condition|'ps_1.1'=355 'ps_1.2'=355 'ps_enclosurechassis.1'=355 'ps_enclosurechassis.2'=355

bb-Ricardo commented 2 years ago

Hi,

Then your icinga environment must contain proxy settings.

Change to the icinga user and run env or your icinga config contains theses settings.

bb-Ricardo commented 2 years ago

were you able to figure out where the proxy settings are coming from?

s-blottk commented 2 years ago

Sadly the community couldn't help me out...

bb-Ricardo commented 2 years ago

Did you try to set the no_proxy env var in the command definition?

s-blottk commented 2 years ago

If have found the solution. Just set e.g. NO_PROXY="10.116.246.168,localhost,127.0.0.1,localaddress,.localdomain.com" in sysconfig/icinga2 on your icinga2 client.

Thank you bb-Ricardo!

bb-Ricardo commented 2 years ago

Ahh, so it was a system wide setting and this way you can disable it!

Great to hear.