Can't connect with most recent Shinken (> 2.4.3)
Closed this issue ยท 12 comments
Hi,
I've done a fresh install of shinken and when i'm trying to connect to the web interface with admin/admin or guest/guest, i'm not able to. Hi add the same problem few month ago, trying it for a student project.
Seems it is the same problem that the #586 issue but when i'm doing "shinken --version" it says shinken 2.4.3.
probably important
I've not install shinken with "pip install" because even if I download it the installation is not working and the tar.gz isn't available.
Here is how I've done
root@monitoring:~# cd /usr/src
root@monitoring:~# git clone https://github.com/naparuba/shinken
root@monitoring:~# cd shinken
root@monitoring:~# python setup.py install --root=/
root@monitoring:~# chown -R shinken.shinken /var/log/shinken
root@monitoring:~# chown -R shinken.shinken /var/lib/shinken
root@monitoring:~# chown -R shinken.shinken /etc/shinken
root@monitoring:~# chown -R shinken.shinken /var/run/shinken
root@monitoring:~# update-rc.d shinken defaults
root@monitoring:~# apt install monitoring-plugins
root@monitoring:~# apt clean
Here are some extracts :
/etc/shinken/contacts/admin.cfg:
# This is a default admin
# CHANGE ITS PASSWORD!
define contact{
use generic-contact
contact_name admin
contactgroups admin,users
email shinken@localhost
pager 0600000000 ; contact phone number
password admin
is_admin 1
expert 1
}
cat /etc/shinken/brokers/broker-master.cfg:
# BROKER (S1_Broker)
#===============================================================================
# Description: The broker is responsible for:
# - Exporting centralized logs of all Shinken daemon processes
# - Exporting status data
# - Exporting performance data
# - Exposing Shinken APIs:
# - Status data
# - Performance data
# - Configuration data
# - Command interface
# https://shinken.readthedocs.org/en/latest/08_configobjects/broker.html
#===============================================================================
define broker {
broker_name broker-master
address localhost
port 7772
spare 0
## Optional
manage_arbiters 1 ; Take data from Arbiter. There should be only one
; broker for the arbiter.
manage_sub_realms 1 ; Does it take jobs from schedulers of sub-Realms?
timeout 3 ; Ping timeout
data_timeout 120 ; Data send timeout
max_check_attempts 3 ; If ping fails N or more, then the node is dead
check_interval 60 ; Ping node every N seconds
## Modules
# Default: None
# Interesting modules that can be used:
# - simple-log = just all logs into one file
# - livestatus = livestatus listener
# - tondodb-mysql = NDO DB support (deprecated)
# - npcdmod = Use the PNP addon
# - graphite = Use a Graphite time series DB for perfdata
# - webui = Shinken Web interface
# - glpidb = Save data in GLPI MySQL database
# Comma separated list of modules
modules webui2,mongo-logs
# Enable https or not
use_ssl 0
# enable certificate/hostname check, will avoid man in the middle attacks
hard_ssl_name_check 0
## Advanced
realm All
}
up
I'm sorry @ichigo29 I don't know how to help you.
What version of the WebUI did you installed? Are you sure /etc/shinken/contacts/admin.cfg
is included in your shinken.cfg
?
Perharps some log will help to understand ... please restart your broker, try to connect and then provide the broker log file.
PS: sure about this: chown -R shinken.shinken /var/log/shinken
? It should be ``shinken:shinken`, no ?
Hello. I recently had the exact same issue and I could fix it by patching upstream shinken. I wrote a fix which has been sent to the upstream Shinken repository as shinken-solutions/shinken#1971.
Using upstream shinken, you'll find messages on WebUI's log saying:
You need to have a contact having the same name as your user: admin
The user 'admin' has not been authenticated.
user 'admin' access denied, redirection to: /user/login?error=Invalid user or Password
login page with error message: Invalid user or Password
To be clear, this is happening using a fresh install of Shinken with just the bare minimum amount of plugins (mod-webui and mod-livestatus, which doesn't work as well, by the way) and doing the minimum amount of changes to the config in /etc/shinken (registering the plugins). And it has to do more with a bug in Shinken rather than with mod-webui, because mod-webui is behaving correctly.
Apparently Shinken is not correctly providing actions and broks to mod-webui due to a bug in the brok throttler, which was introduced post-2.4.3. Therefore, mod-webui is never given the initial broks including the contacts, so mod-webui has no users to authenticate because it never receives the list of users that should be allowed to authenticate.
Maybe there is some testing required on behind of that PR, but I believe the patch should go forward, as currently the open source version of shinken is on an unusable stage. I don't know if @ichigo29 could try to apply the patch and report a result? Something like
cd /usr/src/shinken
git reset --hard master
curl -L https://github.com/naparuba/shinken/pull/1971.diff | patch -p1
and then reinstall shinken and attempt to login through mod-webui again.
Great job @danirod
I was not aware of these modifications in the Shinken core... I had a look to your PR and it really makes sense
Thank you @danirod
I'm not sure you should be using upstream Shinken. 2.4.3 should be the last stable version.
Thanks a lot @danirod ! I was stuck the same way with 2.4.3 and your fix helped me
Renamed this issue to make it more useful
s/4.2.3/2.4.3
Thanks ๐คฃ
The close-reopen bump was noticed in my e-mail. ๐
shinken-solutions/shinken#1971 was already merged a while ago in the development trunk (Happy birthday, dear PR). Because this bug affects the development trunk and not 2.4.3, unless a regression has been recently introduced that breaks the connection again, this can be marked as fixed.