Hello,
i am testing v2.0 (docker) and want to use the dynamic ansible inventory feature.
My config is the same as with v1.7.2 (which works well): an automation user is member of a group with only the “base.exportd.job.run”-right assigned, but in v2.0 i get the following error:
Hi @MiB ,
there were no changes made to the Ansible section in the last release. Could you provide us some more information so that we can reproduce the issue ?
Hi,
using the inventoy script i still get the message:
{"description":"The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required.","joke":"Even a blind squirrel finds a nut once in a while.","message":"","response":"Unauthorized: http://vmdgerry2/rest/exportdjob/pull/ansible-inventory-all","status":401}
I get this message even if i assign the rights “base.*” or “base.*” and “base.exportd.job.*” to the group that the ansible user belongs to.
Using the URL “http://ansible:<password>@vmdgerry2/rest/” works with the attached browser message, so the password should be correct. The browser then shows the JSON response:
Hello,
i still haven’t found the solution to this issue. Have started nginx in debug mode, this is what i get from the logs:
access.log:
192.168.122.1 - ansible [28/Nov/2023:18:48:33 +0000] “GET /rest/exportdjob/pull/ansible-inventory-all HTTP/1.1” 401 412 “-” “curl/7.81.0” “-”
I have exactly the same problem. After playing around for a while, it now seems that you first have to authenticate yourself and query a bearer token, then you can query the REST endpoint.
Hi,
I adapted the script. For it to work, jq must be installed!
Here is the script:
#!/bin/bash -e
# DATAGERRY - OpenSource Enterprise CMDB
# Copyright (C) 2019 NETHINKS GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# small helper script for ansible dynamic inventory
# config variables
DATAGERRY_EXPORT_TASK=ansible
DATAGERRY_REST_URL=https://datagerry.example.com/rest
DATAGERRY_REST_USER=<USERNAME>
DATAGERRY_REST_PASSWORD=<PASSWORD>
DATAGERRY_BEARER_TOKEN=$(curl -sX POST ${DATAGERRY_REST_URL}/auth/login \
-H 'Content-Type: application/json' \
-d "{\"password\":\"${DATAGERRY_REST_PASSWORD}\",\"user_name\":\"${DATAGERRY_REST_USER}\"}" | jq -r .token)
# create output
if [ "$1" == "--list" ]
then
# execute task
curl \
-XGET \
-H "Authorization: Bearer ${DATAGERRY_BEARER_TOKEN}" \
--silent \
${DATAGERRY_REST_URL}/exportdjob/pull/${DATAGERRY_EXPORT_TASK}
else
echo "[]"
fi
Hi @Alex ,
BasicAuth was not dropped, the first guess is that one of the many package updates changed something. We will have a closer look at it and try to integrate the fix in the next minor release.
Hi,
the issue with basic auth should be fixed with the next release. Please let us know if there are still issues on this topic in version 2.1.0(which will be released soon).