schedule_purge not working: [02:50:00] Cisco DNA Center isn't available - 401 Client Error: Unauthorized for url: https://*****/api/system/v1/maglev/backup

[Ivanszky]

Hi Robert,

when I try to use schedule_purge, I got the following error message at the scheduled time:

$ docker logs intelligent_swartz

Your backups will be deleted daily at 02:50
[02:50:00] Cisco DNA Center isn't available - 401 Client Error: Unauthorized for url: https://******/api/system/v1/maglev/backup                           cli.py:334

Is it possible that the DNAC auth token times auth? As far as I can tell, the ciscodnacbackupctl.Api() is not called within the job() function, so I think it is not reauthenticated before the API call?

kind regards, Gabor

[Ivanszky]

I ran the tool with debug enabled, and from that it seems that it doesn't reauthenticate before executing the actual deletion, so it is using the old token. As far as I know, the token is only valid for 60 minutes, so this might be the root cause of the issue:

$ docker logs charming_hypatia
Debug mode: True
send: b'POST /dna/system/api/v1/auth/token HTTP/1.1\r\nHost: dnac.mvmi.net\r\nUser-Agent: python-requests/2.28.2\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nContent-Type: application/json\r\nContent-Length: 0\r\nAuthorization: Basic Y2lzY29kbmFjYmFja3VwY3RsOmFLaDhaV1d0R1E5Z2UjSGw=\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Type: application/json
header: Content-Length: 744
header: Connection: keep-alive
header: Date: Tue, 11 Apr 2023 10:09:01 GMT
header: X-Password-Expiry-Days: -1, -1, -1
header: Server: webserver
header: x-request-id: e26e9c43cb5f2f29fc861eaa58d9cf84
header: Vary: Origin
header: Access-Control-Allow-Origin: pa-dnac.mvmi.net
header: Via: api-gateway
header: Cache-Control: no-store
header: Pragma: no-cache
header: Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1
header: Strict-Transport-Security: max-age=31536000; includeSubDomains
header: X-Frame-Options: SAMEORIGIN

Your backups will be deleted daily at 13:39
send: b'GET /api/system/v1/maglev/backup HTTP/1.1\r\nHost: dnac.mvmi.net\r\nUser-Agent: python-requests/2.28.2\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nX-Auth-Token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI2NDJhYjI1NDg1OTk4NjZiNzkyZDAzODIiLCJhdXRoU291cmNlIjoiaW50ZXJuYWwiLCJ0ZW5hbnROYW1lIjoiVE5UMCIsInJvbGVzIjpbIjY0MmFiMjAzODU5OTg2NmI3OTJkMDM1NCJdLCJ0ZW5hbnRJZCI6IjYyNGM3OTUyYWIyMGVhMDc3YmJlNWZjOCIsImV4cCI6MTY4MTIxMTM1NywiaWF0IjoxNjgxMjA3NzU3LCJqdGkiOiJmYjc4MWJiYS00NjVhLTRiMDAtOWFjNS03ZjE4MmUxN2Q4OWYiLCJ1c2VybmFtZSI6ImNpc2NvZG5hY2JhY2t1cGN0bCJ9.cfYX1at_abSjJ6G1rLcAzLFgZ19txDDFqirFUo_AJ6DLdnrxPPB4dQLSNHkrgjyQcSB3FQp7pFtOG3_JtThZJrkdZdTedWxFEo9uYFCrabTbDn-ZpC_5rG_n6bbCBcY5FJGPz3uFd4OvhwbRI271KPCKa2RQhw5XpO_inPAMTtaQmb32-uiwYap32hRZ5gppupB2_68VT3lYT3oQHw0N0m5xw5olxRpGbUut1Z0jbW-2PPIn9P8BMVNV9ZqaTqfENqAkMzGMsfFd4mqxcYGsrhsVWAFT5AGSiyqOtiCQJN8NNxn-nRJGczx_in30lPzwL0zzLD6xvqWXyr5o2Xtgmg\r\nContent-Type: application/json\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Date: Tue, 11 Apr 2023 13:39:00 GMT
header: Content-Type: application/json; charset=utf-8
header: Connection: keep-alive
header: X-APIGW: true
header: Server: webserver
header: Content-Length: 24
header: x-request-id: feb16a33f2513e082d3d0beaf9130565
header: Vary: Origin
header: Access-Control-Allow-Origin: pa-dnac.mvmi.net
header: Via: api-gateway
header: Cache-Control: no-store
header: Pragma: no-cache
header: Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1
header: Strict-Transport-Security: max-age=31536000; includeSubDomains
header: X-Frame-Options: SAMEORIGIN
[13:39:00] Cisco DNA Center isn't available - 401 Client Error: Unauthorized for url: https://dnac.mvmi.net/api/system/v1/maglev/backup                           cli.py:334

[Ivanszky]

I've made the following change, and now it seems to work fine, it reauthenticates every time before it tries to do a scheduled purge:

[ubuntu@DESKTOP-7JMJ29K:~/code/ciscodnacbackupctl$ git diff
diff --git a/ciscodnacbackupctl/cli.py b/ciscodnacbackupctl/cli.py
index dad5bc0..6a4e083 100644
--- a/ciscodnacbackupctl/cli.py
+++ b/ciscodnacbackupctl/cli.py
@@ -328,6 +328,7 @@ def schedule_purge(ctx, interval, incompatible, keep, day, hour):

     def job():
         force = True
+        cli.api._auth()
         try:
             purge = cli.purge(keep=keep, incompatible=incompatible, force=force)
         except Exception as error_msg:](url)

[robertcsapo]

Good catch @Ivanszky We might just implement similar setup as for daemon. What do you think?

https://github.com/cskoglun/ciscodnacbackupctl/blob/922d34c1add181f2709fb6bb2911545d8cc0243b/ciscodnacbackupctl/cli.py#L27-L31

https://github.com/cskoglun/ciscodnacbackupctl/blob/922d34c1add181f2709fb6bb2911545d8cc0243b/ciscodnacbackupctl/cli.py#L329-L330

[Ivanszky]

Good catch @Ivanszky We might just implement similar setup as for daemon. What do you think?

https://github.com/cskoglun/ciscodnacbackupctl/blob/922d34c1add181f2709fb6bb2911545d8cc0243b/ciscodnacbackupctl/cli.py#L27-L31

https://github.com/cskoglun/ciscodnacbackupctl/blob/922d34c1add181f2709fb6bb2911545d8cc0243b/ciscodnacbackupctl/cli.py#L329-L330

Seems like a good solution to me. :)

[robertcsapo]

@Ivanszky do you want to make an PR (pull request) for this fix? 🙂

[Ivanszky]

@Ivanszky do you want to make an PR (pull request) for this fix? 🙂

@robertcsapo I have opened a PR, apologies if it is not perfect, this is my first github PR...

[robertcsapo]

Issue #19 is related as well to this PR #26