bufanda / zabbix--template-xenorchestra

These are templates for the Zabbix monitoring solution to monitor VM resources in XenOrchestra

Discovery fails #4

Closed MetalSamurai99 closed 1 day ago

MetalSamurai99 commented 1 month ago

Description

Response code "302" did not match any of the required status codes "200"

Attempted to modify the template by changing follow_redirects to 'YES', but still fails to collect any data.

Environment

- Zabbix 7.0.0
- XCP-NG 8.2.1
- XenOrchestra Community Edition

bufanda commented 1 month ago

How did you try to configure follow_redirects? There is no support for redirects in the JavaScript Class. And there is also no support for it in the template.

https://www.zabbix.com/documentation/current/en/manual/config/items/preprocessing/javascript/javascript_objects

MetalSamurai99 commented 1 month ago

Using the 6.4 template.

The part that fails is 'Check token validity', starting at line 1069. I tried changing line 1082 which says follow_redirects: 'NO' to YES, but still get the error that the response code 302 does not match the expected 200.

Tried modifying using the GUI: select Xen Orchestra by HTTP from templates, click on Web, click on Check Token Validity, then Steps, then Check Token Validity, check the box "Follow redirects", Update and Update again. I don't see any change when it tries again after 5 minutes.

I note the updated template when exported no longer has the follow_redirects line at all, but 302 is a temporary redirect.

Only installed Zabbix a couple of days ago, so I have no idea what's going wrong.

bufanda commented 1 month ago

Ah, got you. That's not one of the Script Items but the Web Scenario. What does your {$XOA.URL} look like? Do you use http:// instead of https:// for the macro, but Xen-Orchestra is using https and you redirect from http to https? Could you try https? Could be a Zabbix issue then.

MetalSamurai99 commented 1 month ago

The URL I'm using is

https://xo-host.fullyqualified.com/

I haven't tried https://xo-host/ or https://xxx.xxx.xxx.xxx/. It's possible that one of those names/IP addresses would avoid the redirection. I haven't dug into how XenOrchestra is set up. Just used the automated build script for the community edition. In any case, that seems like the wrong fix. The test is just "is this token correct?" (and I'm pretty sure it is), but instead of getting a 200 code back from XO it's a 302 redirect.

billcouper81 commented 2 days ago

It's working for me on Zabbix 7.0.3, with XCP-ng 8.2.1, and Xen Orchestra Appliance 5.95.2

My web scenario for 'check token validity' looks like this: URL = {$XOA.URL}/rest/v0

And I have defined that macro on the host object as: {$XOA.URL} = https://xoaname.fqdn.com

Note that I don't have a trailing slash on my macro definition, which would cause a double-slash in the web scenario... could it be as simple as that?

bufanda commented 1 day ago

> It working for me on Zabbix 7.0.3, with XCP-ng 8.2.1, and Xen Orchestra Appliance 5.95.2
>
> My web scenario for 'check token validity' looks like this: URL = {$XOA.URL}/rest/v0
>
> And I have defined that macro on the host object as: {$XOA.URL} = https://xoaname.fqdn.com
>
> Note that I don't have a trailing slash on my macro definition, which would cause a double-slash in the web scenario... could it be as simple as that?

Probably. The trailing slash already caused issues with discovery rules, that's why it is stripped, but this is not possible in web scenarios. Need to try it and see if that's the root cause.

Edit: so I checked it and yeah, the double / in the URL is the issue

```
❯ curl -v https://xen.internal//rest/v0
* Host xen.internal:443 was resolved.
* IPv6: ::1
* IPv4: 10.10.10.96
*   Trying [::1]:443...
* connect to ::1 port 443 from ::1 port 45308 failed: Connection refused
*   Trying 10.10.10.96:443...
* Connected to xen.internal (10.10.10.96) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=internal
*  start date: Aug 13 17:54:09 2024 GMT
*  expire date: Nov 11 17:54:08 2024 GMT
*  subjectAltName: host "xen.internal" matched cert's "*.internal"
*  issuer: C=US; O=Let's Encrypt; CN=R10
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://xen.internal//rest/v0
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: xen.internal]
* [HTTP/2] [1] [:path: //rest/v0]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET //rest/v0 HTTP/2
> Host: xen.internal
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/2 302 
< content-type: text/plain; charset=utf-8
< date: Thu, 12 Sep 2024 05:16:54 GMT
< location: /signin
< set-cookie: connect.sid=s%3AVaJSxHKtniyLq_9Fv54VJo2RjiB5PO85.TKqfMvKd7yRzHQOF8Sb3WEREU1v4p0nkgbPpij2u1hU; Path=/; HttpOnly
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< vary: Accept, Accept-Encoding
< x-content-type-options: nosniff
< x-dns-prefetch-control: off
< x-download-options: noopen
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< content-length: 29
< 
* Connection #0 to host xen.internal left intact
Found. Redirecting to /signin%

❯ curl -v https://xen.internal/rest/v0
* Host xen.internal:443 was resolved.
* IPv6: ::1
* IPv4: 10.10.10.96
*   Trying [::1]:443...
* connect to ::1 port 443 from ::1 port 45312 failed: Connection refused
*   Trying 10.10.10.96:443...
* Connected to xen.internal (10.10.10.96) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=internal
*  start date: Aug 13 17:54:09 2024 GMT
*  expire date: Nov 11 17:54:08 2024 GMT
*  subjectAltName: host "xen.internal" matched cert's "*.internal"
*  issuer: C=US; O=Let's Encrypt; CN=R10
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://xen.internal/rest/v0
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: xen.internal]
* [HTTP/2] [1] [:path: /rest/v0]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET /rest/v0 HTTP/2
> Host: xen.internal
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/2 401 
< content-type: text/plain; charset=utf-8
< date: Thu, 12 Sep 2024 05:16:58 GMT
< etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< vary: Accept-Encoding
< x-content-type-options: nosniff
< x-dns-prefetch-control: off
< x-download-options: noopen
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< content-length: 12
< 
* Connection #0 to host xen.internal left intact
Unauthorized%
```
Note: I obfuscated my domain in this example.

@MetalSamurai99 so remove the trailing slash in your macro.
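
The diagnosis reached in this thread, as an added example that is not part of the original issue or the template's code: it joins a `{$XOA.URL}`-style base value with `/rest/v0` without producing a double slash, and classifies the token-check response using the two curl results shown above. All function names and result labels are hypothetical, and the sample inputs are constructed from the values quoted in the thread.

```javascript
// Added example, not the template's code. Names and labels are hypothetical.

// Join a base URL (macro value) and an API path with exactly one slash,
// regardless of trailing slashes on the base or leading slashes on the path.
function joinUrl(base, path) {
  const trimmedBase = String(base).trim().replace(/\/+$/, '');
  const trimmedPath = String(path).replace(/^\/+/, '');
  return trimmedBase + '/' + trimmedPath;
}

// True when the path part of a URL contains an empty segment ("//").
// The "//" after the scheme is not part of the path and is ignored.
function hasEmptyPathSegment(url) {
  const afterScheme = String(url).replace(/^[a-z][a-z0-9+.-]*:\/\//i, '');
  const pathStart = afterScheme.indexOf('/');
  if (pathStart === -1) return false;
  const path = afterScheme.slice(pathStart).split(/[?#]/)[0];
  return path.includes('//');
}

// Interpret a token-check response. A redirect is never treated as success:
// following it would only fetch the sign-in page, not exercise the token.
function classifyTokenCheck(requestUrl, status, location) {
  if (status === 200) return 'token-accepted';
  if (status === 401) return 'api-reached-unauthorized';
  if (status >= 300 && status < 400) {
    if (hasEmptyPathSegment(requestUrl)) return 'bad-url-double-slash';
    return 'unexpected-redirect:' + (location || '');
  }
  return 'unexpected-status:' + status;
}

// Constructed samples mirroring the thread: macro with and without a trailing
// slash, naively concatenated the way a web scenario step does.
const samples = [
  { macro: 'https://xen.internal/', status: 302, location: '/signin' },
  { macro: 'https://xen.internal', status: 401, location: undefined },
];

for (const s of samples) {
  const naive = s.macro + '/rest/v0';
  console.log(naive, '->', classifyTokenCheck(naive, s.status, s.location),
    '| normalized:', joinUrl(s.macro, '/rest/v0'));
}
```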