Using Nagios API updating(XPUT) hostgroup is failing

[bseuser]

I am doing some testing by using APIs. While I am updating the hostgroup using XPUT command changing the "alias" for hostgroup. I am giving "alias=New alias" (with space b/w New and alias) and the response 400 Bad Request . Below is the output example.

Code: Select all

% curl -XPUT "http://nagiosxidev/nagiosxi/api/v1/config/hostgroup/testapihostgroup?apikey=<Nagios Dev API Key>=1&alias=New Alias&applyconfig=1"

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>

Am I missing anything in the CURL command with the API?

We are using Nagios XI 5.8.1 version.

[benjaminsmith]

Hi,

It looks like there's an error in the example command. Run the command again but remove the space in the word 'New Alias' or fill that in with %20 ( for the space character.

Code: Select all

curl -XPUT "http://nagiosxidev/nagiosxi/api/v1/config/hostgroup/testapihostgroup?apikey=<Nagios Dev API Key>=1&alias=NewAlias&applyconfig=1"

Let me know if that works for you now. Thanks for reporting this, I'll get a bug report filed for the error.

Benjamin

[bseuser]

Ya, I used the %20 it successfully executed the command.

Thanks..

[bseuser]

Hi,
I am doing some automation using ansible with Nagios API. While trying to update the service object using PUT command it's not modifying anything.
I am using variable FQDN in URL.

Code: Select all

---
- name: Test
  hosts: nagiosxidev
  connection: ssh
  gather_facts: True

  tasks:
  - name: Update service object
    uri:
      url: http://nagiosxidev/nagiosxi/api/v1/config/service/{{ FQDN }}/SSH?apikey={{ API KEY }}&pretty=1&notification_interval=15&applyconfig=1
      method: PUT
      validate_certs: no
      timeout: 30

Output:

Code: Select all

PLAY [Test] *******************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************************************
ok: [nagiosxidev]

TASK [Update service object] **************************************************************************************************************************************************************************************************************
ok: [nagiosxidev]

PLAY RECAP ********************************************************************************************************************************************************************************************************************************
nagiosxidev                : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

But it's not modifying anything on Nagios.
I am using a variable instead of a hard-code in the URL. Variables are possible in URL? is this the correct way?

And also can we use like "service_description={{ service }}&host_name={{ FQDN }}&notification_interval=10&applyconfig=1" to the body that would work with the PUT method

Thanks.

[benjaminsmith]

Hi @bseuser,

I'm not that familiar with Ansible, and not sure why there isn't more information available in the output. I have a few suggestions. Is there a verbose mode that you can enable to get more connection details.

Also, on the XI server, go to Admin > System Information > Audit Log and filter the source field to API. You will see the incoming requests, this is useful for testing purposes.

The ansible-playbook has ssh set for the connection field. Normally, an API request is sent over HTTP. Is this correct? Yes, you can add the optional fields int the body of the string.

Benjamin

[bseuser]

Hi @benjaminsmith,

I am doing some more testing using API. My use case is below:

We have multiple teams that they owned Hosts( Servers ) and monitored in Nagios XI. Only the Infra team has Admin access to Nagios to create/edit/modified the host and services. So, I am trying to see how the Infra team can provide only access (Admin access) to do self-serve access to other teams that owned their host and services?

Example: Team1 can see only the Team1 servers, and services using the APIs can create/modified only Team1 servers.
Team2 can see only Team2 servers and services using the APIs can create/modified only Team2 servers, not team1 servers.

Is there a way that I can do the above use case?

And also, is it possible to do below Nagios XI:

1. Is there a way to create the user and provide access to limited host and services modification using APIs?
2. Is there a way to change the API key every login or change it every day using its script?


Thanks,

[benjaminsmith]

Hi,

Example: Team1 can see only the Team1 servers, and services using the APIs can create/modified only Team1 servers.
Team2 can see only Team2 servers and services using the APIs can create/modified only Team2 servers, not team1 servers.

The way multi-tenancy works in Nagios XI is that the user account can allow view or configure the objects that they are assigned to as a monitoring contact. However, this can be adjusted in the user settings.

user-perms.png

The API is less flexible. If they have a user account and API access, they can only access the objects endpoint, so they would not be able to make changes to objects using the API, this would have to be done in the CCM.

See: https://assets.nagios.com/downloads/nag ... ios-XI.pdf

On the other question, there's an option to force a change password change on the user account, but I'd have to submit a feature request for similar functionality with the API key.

Let me know if you have more questions.

Benjamin

[bseuser]

Hi Benjaminsmith,

I tried the below-suggested user settings and tried to get the host information by using the API key(user) and getting the "Authentication issue". Below is the output for reference.

Code: Select all

% curl -XGET "http://nagiosxidev/nagiosxi/api/v1/config/host?apikey=DD2CSVkL2TmpCGhlVNbLt5snuTYXeo77h8Z9jjbFsQk4sFJIITprfbSM47KhO7H5&pretty=1"
{
    "error": "Authenticiation failed."
}

And also observe the spelling mistake in the above output: Authenticiation instead of Authentication.

[lmiltchev]

Only admins can use the Config Reference API end point...

example-01.jpg

[bseuser]

I am not doing any creation or deletion using API with limited access. I use the GET command to see what hosts are configured in Nagios.
So, with limited user permission GET command also won't execute?