Thruk Agent Charm

Enable https (and disabling http) breaks authentication

Bug #1849578 reported by Xav Paice
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Thruk Agent Charm
Fix Released
High
Unassigned
Thruk Agent Charm 20.08

Bug Description

If we switch Nagios to only run via https, not http (i.e. remove port 80 entirely), the Thruk interface presents: "It seems like you are not authorized."

See https://github.com/sni/Thruk/issues/657

To fix:

https://thruk.org/documentation/faq.html#enable-https-tls-ssl-in-apache-webserver-for-thruk

Add Include /usr/share/thruk/thruk_cookie_auth.include to the vhost definition.

This step might require a change to the Nagios charm, depending on if there's a thruk-agent relation.

The other change that needs making is to set cookie_auth_restricted_url = https://localhost/thruk/cgi-bin/restricted.cgi in /etc/thruk/thruk_local.conf.

So far I've tested those changes but still authentication isn't working - I might also try removing cookie based auth to see if that works out.

Related branches

~addyess/charm-thruk-agent:lp1849578-enable_https_without_http
Chris Sanders (community): Approve
Xav Paice: Pending requested
Andrea Ieri: Pending requested
Diff: 38 lines (+20/-0)
1 file modified
hooks/actions.py (+20/-0)
Edin S (exsdev)
Changed in charm-thruk-agent:
importance: Undecided → High
Adam Dyess (addyess)
Changed in charm-thruk-agent:
status: New → In Progress
assignee: nobody → Adam Dyess (addyess)
Revision history for this message
Adam Dyess (addyess) wrote :

It turns out that on every config change on nagios charm,
/etc/apache2/sites-available/default-ssl.conf is completely re-written. interestingly enough thruk does a nice job on it's install to place the /usr/share/thruk/thruk_cookie_auth.include into the VirtualHost files, however this full rewrite in nagios doesn't take into account this inserted line.

I was able to have success without having to change /etc/thruk/thruk_local.conf

Changed in charm-thruk-agent:
status: In Progress → Confirmed
Revision history for this message
Adam Dyess (addyess) wrote :

My approach on this will be to create a new directory

/etc/apache2/vhost.d/

in which the nagios template for the VirtualHost includes anything from this directory with
```
  IncludeOptional /etc/apache2/vhost.d/*.include
```

Then in the thruk-agent charm, we can symlink:
  /etc/apache2/vhost.d/thruk_cookie_auth.include --> /usr/share/thruk/thruk_cookie_auth.include

Nagios: https://code.launchpad.net/~addyess/charm-nagios/+git/charm-nagios/+merge/387090
Thruk-Agent: https://code.launchpad.net/~addyess/charm-thruk-agent/+git/charm-thruk-agent/+merge/387091

Changed in charm-thruk-agent:
status: Confirmed → In Progress
Revision history for this message
Adam Dyess (addyess) wrote :

Released here: https://jaas.ai/u/bootstack-charmers-next/thruk-agent/2

Changed in charm-thruk-agent:
status: In Progress → Fix Released
Adam Dyess (addyess)
Changed in charm-thruk-agent:
assignee: Adam Dyess (addyess) → nobody
milestone: none → 20.08
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.