Tunnel connection failed: 403 forbidden
s-blottk opened this issue · 8 comments
Hello,
the following error occurs when using this script with Icinga2:
2022-02-28 17:40:57,027 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:57,028 - DEBUG: HTTP REQUEST: GET
PATH: /redfish/v1/
BODY: None
2022-02-28 17:40:57,028 - INFO: Attempt 1 of /redfish/v1/
2022-02-28 17:40:57,063 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:40:58,065 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:58,065 - DEBUG: HTTP REQUEST: GET
PATH: /redfish/v1/
BODY: None
2022-02-28 17:40:58,065 - INFO: Attempt 2 of /redfish/v1/
2022-02-28 17:40:58,083 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:40:59,089 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:40:59,090 - DEBUG: HTTP REQUEST: GET
PATH: /redfish/v1/
BODY: None
2022-02-28 17:40:59,090 - INFO: Attempt 3 of /redfish/v1/
2022-02-28 17:40:59,245 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:41:00,252 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
2022-02-28 17:41:00,252 - DEBUG: HTTP REQUEST: GET
PATH: /redfish/v1/
BODY: None
2022-02-28 17:41:00,252 - INFO: Attempt 4 of /redfish/v1/
2022-02-28 17:41:00,267 - INFO: Retrying /redfish/v1/ [Tunnel connection failed: 403 Forbidden]
2022-02-28 17:41:01,272 - DEBUG: Proxy HTTPS connection to 10.116.246.168 through cloud-revproxy.localdomain:8080
[CRITICAL]: Unable to connect to Host '10.116.246.168', max retries exhausted.
Each service check fails with
Unable to connect to Host '', max retries exhausted.
Service check and check commands have been copied from here:
https://github.com/bb-Ricardo/check_redfish/blob/master/contrib/icinga2_check_redfish_command.conf
https://github.com/bb-Ricardo/check_redfish/blob/master/contrib/icinga2_hw_service_checks_example.conf
Usually I am using the Nagios "check_ilo2_health" (https://exchange.nagios.org/directory/Plugins/Hardware/Server-Hardware/HP-(Compaq)/check_ilo2_health/details) but since iLO version 5 it does not work that well anymore.
All dependencies have been installed on the CentOS 7 system.
Host to be queried is a HPE XL190r Gen10 on ILO 5 (2.55)
The Icinga2 VM can ping the HPE machine, so network shouldn't be the problem.
I tried to implement this code line in the python script, but it did not solve the issue:
os.environ['no_proxy'] = "*"
Hi,
So there is a proxy configured but you want to connect directly to the machines? Did I understand that correctly?
Is there a proxy configured in the environment? Did you try to unset the proxy variables?
Hello Ricardo,
correct, I want to connect directly to the machine.
Even when the http_proxy and https_proxy get unset, the same error message occurs.
It is very interesting that the queries do function when they get executed on the CLI:
root@icinga2:/usr/lib64/nagios/plugins/check_mk>>/usr/lib64/nagios/plugins/check_redfish/check_redfish.py -H 10.116.246.168 -u USERNAME-p PW--power [OK]: Chassi 1 : All power supplies (2) are in good condition [OK]: Chassi enclosurechassis : All power supplies (2) are in good condition|'ps_1.1'=355 'ps_1.2'=355 'ps_enclosurechassis.1'=355 'ps_enclosurechassis.2'=355
Hi,
Then your icinga environment must contain proxy settings.
Change to the icinga user and run env or your icinga config contains theses settings.
were you able to figure out where the proxy settings are coming from?
Sadly the community couldn't help me out...
Did you try to set the no_proxy env var in the command definition?
If have found the solution.
Just set e.g.
NO_PROXY="10.116.246.168,localhost,127.0.0.1,localaddress,.localdomain.com"
in sysconfig/icinga2 on your icinga2 client.
Thank you bb-Ricardo!
Ahh, so it was a system wide setting and this way you can disable it!
Great to hear.