Question

registerServerTopology.sh - API calling the Central returned a Client exception

  • 29 February 2024
  • 5 replies
  • 74 views

Userlevel 1
Badge +8

Hi,

We can't register a remote server on the central server.

info :

remote :

  • ip 5.6.7.8
  • proto http
  • port 80

central:

  • ip 1.2.3.4
  • proto https
  • port 443

here are the details of how to run registerServerTopology.sh :

[sysadmin@CENTREON-REMOTE ~]$ sudo /usr/share/centreon/bin/registerServerTopology.sh -u admin -t remote -h https://1.2.3.4 -n remote-weldom
[sudo] password for sysadmin: [MOT DE PASSE DU COMPTE SYSADMIN DU REMOTE]
Please enter the password of https://1.2.3.4: [MOT DE PASSE DU COMPTE ADMIN WEB API DU CENTRAL]

  Summary of the information that will be sent:

  Api Connection:
  username: admin
  password: ******
  target server: 1.2.3.4

  Pending Registration Server:
  name: remote-weldom
  hostname: CENTREON-REMOTE.weldom-savoye.lan
  type: remote
  address: 5.6.7.8

Do you want to register this server with the previous information? (y/n): y
More information is required to convert your platform into Remote :
5.6.7.8: Please enter your username: admin
Please enter the password of 10.19.141.162:[MOT DE PASSE DU COMPTE ADMIN WEB DU REMOTE]
5.6.7.8: Protocol [http]:
5.6.7.8: Port [80]:
5.6.7.8: centreon root folder [centreon]:
Are you using a proxy ? (y/n): n
2024-02-28 11:32:38+01:00 - ERROR - 5.6.7.8: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}


5 replies

Userlevel 1
Badge +8

Anyone ?

Userlevel 4
Badge +13

Hi @SavCent 

You have this error:

 

HTTP\/1.1 403 Forbidden returned for

 

Is your user correct?

Userlevel 1
Badge +8

hi @ponchoh,

yes is correct. I’ve also try with another account specially create for register the remote on the central server.

is there any way to have more verbose/debug info from the command return ? 

Userlevel 4
Badge +13

Is the account admin? can you use it in the WebUI?

add verbosity to the curl call? (-v)

curl -s -X POST -H 'Content-Type: application/json' -d '{"security":{"credentials":{"login":"admin", "password":"CharlieEchoNovember"}}}' https://1.2.3.4:443/centreon/api/latest/login -v

shell?

sh -x /usr/share/centreon/bin/registerServerTopology.sh -u admin ............................

or address the 403

https://stackoverflow.com/questions/18447454/apache-giving-403-forbidden-errors#18447506

Userlevel 1
Badge +8

Hi @ponchoh 

so your first command give me this :

curl -s -X POST -H 'Content-Type: application/json' -d '{"security":{"credentials":{"login":"admin", "password":"CharlieEchoNovember"}}}' https://1.2.3.4:443/centreon/api/latest/login -v
*   Trying 10.242.128.100...
* TCP_NODELAY set
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0

I try with --insecure and i get that :

*   Trying 1.2.3.4...
* TCP_NODELAY set
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=XX; ST=XXX; L=XXX; OU=XXX; CN=XXX.com
*  start date: Apr  4 08:55:28 2023 GMT
*  expire date: Apr  3 08:55:28 2026 GMT
*  issuer: C=XXX; ST=XXX; L=XXX; O=XXX; OU=Certificate Authority; CN=XXXXX; emailAddress=XXX.com
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> POST /centreon/api/latest/login HTTP/1.1
> Host: 1.2.3.4
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 88
>
* upload completely sent off: 88 out of 88 bytes
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 403 Forbidden
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Security-Policy: frame-ancestors 'self'
< Content-Type: text/html; charset="utf-8"
< Content-Length: 4887
< Connection: Close
<
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <style type="text/css">
            body {
                height: 100%;
                font-family: Helvetica, Arial, sans-serif;
                color: #6a6a6a;
                margin: 0;
                display: flex;
                align-items: center;
                justify-content: center;
            }
            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
                color: #262626;
                vertical-align: baseline;
                margin: .2em;
                border-style: solid;
                border-width: 1px;
                border-color: #a9a9a9;
                background-color: #fff;
                box-sizing: border-box;
                padding: 2px .5em;
                appearance: none;
                border-radius: 0;
            }
            input:focus {
                border-color: #646464;
                box-shadow: 0 0 1px 0 #a2a2a2;
                outline: 0;
            }
            button {
                padding: .5em 1em;
                border: 1px solid;
                border-radius: 3px;
                min-width: 6em;
                font-weight: 400;
                font-size: .8em;
                cursor: pointer;
            }
            button.primary {
                color: #fff;
                background-color: rgb(47, 113, 178);
                border-color: rgb(34, 103, 173);
            }
            .message-container {
                height: 500px;
                width: 600px;
                padding: 0;
                margin: 10px;
            }
            .logo {
                background: url(https://XXX:8015/XX/YY/ZZ/CI/XXXXXXX) no-repeat left center;
                height: 267px;
                object-fit: contain;
            }
            table {
                background-color: #fff;
                border-spacing: 0;
                margin: 1em;
            }
            table > tbody > tr > td:first-of-type:not([colspan]) {
                white-space: nowrap;
                color: rgba(0,0,0,.5);
            }
            table > tbody > tr > td:first-of-type {
                vertical-align: top;
            }
            table > tbody > tr > td {
                padding: .3em .3em;
            }
            .field {
                display: table-row;
            }
            .field > :first-child {
                display: table-cell;
                width: 20%;
            }
            .field.single > :first-child {
                display: inline;
            }
            .field > :not(:first-child) {
                width: auto;
                max-width: 100%;
                display: inline-flex;
                align-items: baseline;
                virtical-align: top;
                box-sizing: border-box;
                margin: .3em;
            }
            .field > :not(:first-child) > input {
                width: 230px;
            }
            .form-footer {
                display: inline-flex;
                justify-content: flex-start;
            }
            .form-footer > * {
                margin: 1em;
            }
            .text-scrollable {
                overflow: auto;
                height: 150px;
                border: 1px solid rgb(200, 200, 200);
                padding: 5px;
                font-size: 1em;
            }
            .text-centered {
                text-align: center;
            }
            .text-container {
                margin: 1em 1.5em;
            }
            .flex-container {
                display: flex;
            }
            .flex-container.column {
                flex-direction: column;
            }
        </style>
        <title>Web Filter Violation</title>
    </head>
    <body><div class="message-container">
    <div class="logo"></div>
    <h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
    <h3>Web Page Blocked</h3>
    <p>You have tried to access a web page that is in violation of your Internet usage policy.</p>
    <table><tbody>
        <tr>
            <td>Category</td>
            <td>Unrated</td>
        </tr>
        <tr>
            <td>URL</td>
            <td>https://1.2.3.4/</td>
        </tr>
    </tbody></table>
    <p>To have the rating of this web page re-evaluated <a href="https://XXX.net/rate/submit.php?id=1XXXXXX&cat=00&loc=https://10%2e242%2e128%2e100%2f&ver=9">please click here</a>.</p>
    <p></p>
</div></body>
</html>

 

The sh with debug mode made this

+ API_USERNAME=
+ CURRENT_NODE_TYPE=
+ CURRENT_NODE_ADDRESS=
+ TARGET_NODE_ADDRESS=
+ CURRENT_NODE_NAME=
+ CENTREON_BASE_URI=
+ INSECURE=
+ TEMPLATE_FILE=
+ API_TOKEN=
+ RESPONSE_MESSAGE=
+ SUPPORTED_LOG_LEVEL=([INFO]=0 [ERROR]=1)
+ declare -A SUPPORTED_LOG_LEVEL
+ PARSED_URL=([SCHEME]="http" [HOST]="" [PORT]="80")
+ declare -A PARSED_URL
+ PARSED_CURRENT_NODE_URL=([SCHEME]="" [HOST]="" [PORT]="")
+ declare -A PARSED_CURRENT_NODE_URL
+ NODE_TYPE=([remote]=1 [poller]=1 [map]=1 [mbi]=1)
+ declare -A NODE_TYPE
+ runtime_log_level=INFO
+ parse_command_options -u remoteRegister -t remote -h https://1.2.3.4 -n remote-weldom
+ (( 8 > 0 ))
+ case $1 in
+ set_variable API_USERNAME remoteRegister
+ local varname=API_USERNAME
+ shift
+ '[' -z '' ']'
+ eval 'API_USERNAME="remoteRegister"'
++ API_USERNAME=remoteRegister
+ shift 2
+ (( 6 > 0 ))
+ case $1 in
+ [[ -z 1 ]]
+ set_variable CURRENT_NODE_TYPE remote
+ local varname=CURRENT_NODE_TYPE
+ shift
+ '[' -z '' ']'
+ eval 'CURRENT_NODE_TYPE="remote"'
++ CURRENT_NODE_TYPE=remote
+ shift 2
+ (( 4 > 0 ))
+ case $1 in
+ set_variable TARGET_NODE_ADDRESS https://1.2.3.4
+ local varname=TARGET_NODE_ADDRESS
+ shift
+ '[' -z '' ']'
+ eval 'TARGET_NODE_ADDRESS="https://1.2.3.4"'
++ TARGET_NODE_ADDRESS=https://1.2.3.4
+ parse_fqdn https://1.2.3.4
++ echo https://1.2.3.4
++ grep @
++ cut -d@ -f1
+ userpass=
++ echo https://1.2.3.4
+ url=https://1.2.3.4
++ echo https://1.2.3.4
++ grep ://
++ cut -d: -f1
+ SCHEME=https
+ '[' -n https ']'
+ PARSED_URL[SCHEME]=https
++ cut -d: -f1
++ echo 1.2.3.4
+ PARSED_URL[HOST]=1.2.3.4
++ echo 1.2.3.4
++ cut -d: -f2
+ PORT=1.2.3.4
+ '[' 1.2.3.4 '!=' 1.2.3.4 ']'
+ '[' https == https ']'
+ PARSED_URL[PORT]=443
+ shift 2
+ (( 2 > 0 ))
+ case $1 in
+ set_variable CURRENT_NODE_NAME remote-weldom
+ local varname=CURRENT_NODE_NAME
+ shift
+ '[' -z '' ']'
+ eval 'CURRENT_NODE_NAME="remote-weldom"'
++ CURRENT_NODE_NAME=remote-weldom
+ shift 2
+ (( 0 > 0 ))
+ [[ ! -n remoteRegister ]]
+ [[ ! -n remote ]]
+ [[ ! -n https://1.2.3.4 ]]
+ [[ ! -n remote-weldom ]]
+ [[ ! -n '' ]]
+ read -sp 'Please enter the password of https://1.2.3.4: ' API_TARGET_PASSWORD
Please enter the password of https://1.2.3.4: + echo ''

+ [[ ! -n '' ]]
+ get_current_node_ip
++ hostname -I
++ xargs
+ PARSED_CURRENT_NODE_URL[HOST]=4.5.6.7
+ ips=(${PARSED_CURRENT_NODE_URL[HOST]})
+ count_available_ips=1
+ [[ 1 -gt 1 ]]
+ prepare_register_payload
+ PAYLOAD='{"name":"remote-weldom","hostname":"CENTREON-REMOTE.weldom-savoye.lan","type":"remote","address":"4.5.6.7","parent_address":"1.2.3.4"}'
+ cat

  Summary of the information that will be sent:

  Api Connection:
  username: remoteRegister
  password: ******
  target server: 1.2.3.4

  Pending Registration Server:
  name: remote-weldom
  hostname: CENTREON-REMOTE.weldom-savoye.lan
  type: remote
  address: 4.5.6.7

+ read -p 'Do you want to register this server with the previous information? (y/n): ' IS_VALID
Do you want to register this server with the previous information? (y/n): y
+ [[ y != \y ]]
+ [[ ! -n '' ]]
+ CENTREON_BASE_URI=centreon
+ [[ remote == \r\e\m\o\t\e ]]
+ prepare_remote_payload
+ [[ ! -n '' ]]
+ set_remote_parameters_manually
+ echo 'More information is required to convert your platform into Remote : '
More information is required to convert your platform into Remote :
+ read -p '4.5.6.7 : Please enter your username: ' API_CURRENT_NODE_USERNAME
4.5.6.7 : Please enter your username: admin
+ read -sp 'Please enter the password of 4.5.6.7: ' API_CURRENT_NODE_PASSWORD
Please enter the password of 4.5.6.7: + echo ''

+ '[' -z ']'
+ read -p '4.5.6.7 : Protocol [http]: ' 'PARSED_CURRENT_NODE_URL[SCHEME]'
4.5.6.7 : Protocol [http]:
+ '[' -z ']'
+ read -p '4.5.6.7 : Port [80]: ' 'PARSED_CURRENT_NODE_URL[PORT]'
4.5.6.7 : Port [80]:
+ read -p '4.5.6.7 : centreon root folder [centreon]: ' API_CURRENT_NODE_BASE_URI
4.5.6.7 : centreon root folder [centreon]:
+ '[' -z ']'
+ PARSED_CURRENT_NODE_URL[SCHEME]=http
+ '[' -z ']'
+ PARSED_CURRENT_NODE_URL[PORT]=80
+ [[ -z '' ]]
+ API_CURRENT_NODE_BASE_URI=centreon
+ read -p 'Are you using a proxy ? (y/n): ' PROXY_USAGE
Are you using a proxy ? (y/n): n
+ [[ n == \y ]]
+ [[ n == true ]]
+ '[' -n ']'
+ PEER_VALIDATION='"peerValidation": false'
+ get_api_token http://4.5.6.7:80 admin 'remoteAdminPassword' centreon
++ curl -s -X POST -H 'Content-Type: application/json' -d '{"security":{"credentials":{"login":"admin", "password":"remoteAdminPassword"}}}' http://4.5.6.7:80/centreon/api/latest/login
+ API_RESPONSE='{"contact":{"id":1,"name":"Centreon_Weldom","alias":"admin","email":"centreon@localhost","is_admin":true},"security":{"token":"SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE"}}'
++ echo '{"contact":{"id":1,"name":"Centreon_Weldom","alias":"admin","email":"centreon@localhost","is_admin":true},"security":{"token":"SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE"}}'
++ cut '-d"' -f4
++ grep -o '"token":"[^"]*'
+ API_TOKEN=SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE
+ [[ ! -n {"contact":{"id":1,"name":"Centreon_Weldom","alias":"admin","email":"centreon@localhost","is_admin":true},"security":{"token":"SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE"}} ]]
+ [[ ! -n SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE ]]
+ request_to_remote
+ [[ -n '' ]]
+ REMOTE_PAYLOAD='{"isRemote":true,"address":"4.5.6.7","platformName":"remote-weldom","centralServerAddress":"1.2.3.4","apiUsername":"remoteRegister","apiCredentials":"remoteRegister123!","apiScheme":"https","apiPort":443,"apiPath":"centreon","peerValidation": false'
+ [[ -n PROXY_PAYLOAD ]]
+ REMOTE_PAYLOAD='{"isRemote":true,"address":"4.5.6.7","platformName":"remote-weldom","centralServerAddress":"1.2.3.4","apiUsername":"remoteRegister","apiCredentials":"remoteRegister123!","apiScheme":"https","apiPort":443,"apiPath":"centreon","peerValidation": false'
+ REMOTE_PAYLOAD='{"isRemote":true,"address":"4.5.6.7","platformName":"remote-weldom","centralServerAddress":"1.2.3.4","apiUsername":"remoteRegister","apiCredentials":"remoteRegister123!","apiScheme":"https","apiPort":443,"apiPath":"centreon","peerValidation": false}'
+ IFS='
'
+ REMOTE_API_RESPONSE=($(curl -s -X PATCH ${INSECURE:+--insecure} -i -H "Content-Type: application/json" -H "X-AUTH-TOKEN: ${API_TOKEN}"     -d "${REMOTE_PAYLOAD}"     "${PARSED_CURRENT_NODE_URL[SCHEME]}://${PARSED_CURRENT_NODE_URL[HOST]}:${PARSED_CURRENT_NODE_URL[PORT]}/${API_CURRENT_NODE_BASE_URI}/api/latest/platform" | grep -E "(HTTP/|message)"))
++ grep -E '(HTTP/|message)'
++ curl -s -X PATCH -i -H 'Content-Type: application/json' -H 'X-AUTH-TOKEN: SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE' -d '{"isRemote":true,"address":"4.5.6.7","platformName":"remote-weldom","centralServerAddress":"1.2.3.4","apiUsername":"remoteRegister","apiCredentials":"remoteRegister123!","apiScheme":"https","apiPort":443,"apiPath":"centreon","peerValidation": false}' http://4.5.6.7:80/centreon/api/latest/platform
'+ echo 'HTTP/1.1 500 Internal Server Error
++ cut -d ' ' -f2
+ HTTP_CODE=500
+ RESPONSE_MESSAGE='{"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}'
+ [[ 500 == \2\0\4 ]]
+ [[ {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."} != '' ]]
+ log ERROR '4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}'
++ date --rfc-3339=seconds
+ TIMESTAMP='2024-03-08 08:48:42+01:00'
+ [[ -z ERROR ]]
+ [[ -z 4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."} ]]
+ log_message_level=ERROR
+ log_message='4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}'
+ [[ -n 1 ]]
+ ((  1 < 0  ))
+ echo -e '2024-03-08 08:48:42+01:00 - ERROR - 4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}'
2024-03-08 08:48:42+01:00 - ERROR - 4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}
+ exit 1
 

Reply