{"id":46323,"date":"2024-05-24T07:13:39","date_gmt":"2024-05-24T07:13:39","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=46323"},"modified":"2024-05-29T03:05:07","modified_gmt":"2024-05-29T03:05:07","slug":"icinga2-how-to-enable-api-in-icinga","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/icinga2-how-to-enable-api-in-icinga\/","title":{"rendered":"icinga2: How to enable Api in icinga?"},"content":{"rendered":"<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">$ icinga2 api setup\n$ systemctl restart icinga2\n$ icinga2 feature enable api\n\n\/etc\/icinga2\/zones.conf\n\nobject Endpoint <span class=\"hljs-string\">\"self\"<\/span> {\n    host = <span class=\"hljs-string\">\"172.31.11.106\"<\/span> <span class=\"hljs-comment\">\/\/ can be omitted if it's the same system<\/span>\n}\n\n\/etc\/icinga2\/conf.d\/api-users.conf\nobject ApiUser <span class=\"hljs-string\">\"api\"<\/span> {\n    password = <span class=\"hljs-string\">\"rajesh123\"<\/span>\n    permissions = &#91; <span class=\"hljs-string\">\"*\"<\/span> ]\n    <span class=\"hljs-comment\">\/\/ Ensure the client_cn is matching if you're using certificate-based authentication<\/span>\n}\n\n\/etc\/icinga2\/zones.conf\nobject Zone <span class=\"hljs-string\">\"master\"<\/span> {\n    endpoints = &#91; <span class=\"hljs-string\">\"self\"<\/span> ]\n}\n\n$ systemctl restart icinga2<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>In this example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>api-user<\/strong> is the username for the API.<\/li>\n\n\n\n<li><strong>secret<\/strong> is the password (you should choose a strong, secure password).<\/li>\n\n\n\n<li><strong>permissions<\/strong> defines what the user is allowed to do:\n<ul class=\"wp-block-list\">\n<li><code>status\/query<\/code> allows the user to query Icinga2 status.<\/li>\n\n\n\n<li><code>actions\/*<\/code> permits the user to perform all actions like sending custom notifications, rescheduling checks, etc.<\/li>\n\n\n\n<li><code>objects\/modify\/*<\/code> allows the user to modify objects.<\/li>\n\n\n\n<li><code>objects\/query\/*<\/code> permits querying all object types.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">Here\u2019s how you can define an API user <span class=\"hljs-keyword\">with<\/span> specific permissions:\n\nvi \/etc\/icinga2\/features-enabled\/api.conf\n\nAdd the following configuration block to the file:\n\n\nobject ApiUser <span class=\"hljs-string\">\"api-user\"<\/span> {\n  password = <span class=\"hljs-string\">\"secret\"<\/span>\n  permissions = &#91; <span class=\"hljs-string\">\"status\/query\"<\/span>, <span class=\"hljs-string\">\"actions\/*\"<\/span>, <span class=\"hljs-string\">\"objects\/modify\/*\"<\/span>, <span class=\"hljs-string\">\"objects\/query\/*\"<\/span> ]\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Available permissions for specific URL endpoints:<\/p>\n\n\n\n<p>The permissions field in the ApiUser object specifies what the API user is allowed to do. You can tailor the permissions according to your security and operational requirements. Here are some common permissions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>*<\/code>: Grants full access.<\/li>\n\n\n\n<li><code>status\/query<\/code>: Allows querying Icinga2 status.<\/li>\n\n\n\n<li><code>objects\/query\/*<\/code>: Allows reading all object types.<\/li>\n\n\n\n<li><code>objects\/query\/Hosts<\/code>: Limits reading to host objects.<\/li>\n\n\n\n<li><code>objects\/modify\/*<\/code>: Allows modification of all object types.<\/li>\n\n\n\n<li><code>actions\/*<\/code>: Allows all actions like acknowledging problems or sending notifications.<\/li>\n<\/ul>\n\n\n\n<p>Available permissions for specific URL endpoints:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Permissions<\/th><th>URL Endpoint<\/th><th>Supports filters<\/th><th>Max body size in MB<\/th><\/tr><\/thead><tbody><tr><td>actions\/&lt;action&gt;<\/td><td>\/v1\/actions<\/td><td>Yes<\/td><td>1<\/td><\/tr><tr><td>config\/query<\/td><td>\/v1\/config<\/td><td>No<\/td><td>1<\/td><\/tr><tr><td>config\/modify<\/td><td>\/v1\/config<\/td><td>No<\/td><td>512<\/td><\/tr><tr><td>console<\/td><td>\/v1\/console<\/td><td>No<\/td><td>1<\/td><\/tr><tr><td>events\/&lt;type&gt;<\/td><td>\/v1\/events<\/td><td>No<\/td><td>1<\/td><\/tr><tr><td>objects\/query\/&lt;type&gt;<\/td><td>\/v1\/objects<\/td><td>Yes<\/td><td>1<\/td><\/tr><tr><td>objects\/create\/&lt;type&gt;<\/td><td>\/v1\/objects<\/td><td>No<\/td><td>1<\/td><\/tr><tr><td>objects\/modify\/&lt;type&gt;<\/td><td>\/v1\/objects<\/td><td>Yes<\/td><td>1<\/td><\/tr><tr><td>objects\/delete\/&lt;type&gt;<\/td><td>\/v1\/objects<\/td><td>Yes<\/td><td>1<\/td><\/tr><tr><td>status\/query<\/td><td>\/v1\/status<\/td><td>Yes<\/td><td>1<\/td><\/tr><tr><td>templates\/&lt;type&gt;<\/td><td>\/v1\/templates<\/td><td>Yes<\/td><td>1<\/td><\/tr><tr><td>types<\/td><td>\/v1\/types<\/td><td>Yes<\/td><td>1<\/td><\/tr><tr><td>variables<\/td><td>\/v1\/variables<\/td><td>Yes<\/td><td>1<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">Test the API\nTest the API setup by making a request using curl or any other HTTP client:\n\ncurl -k -s -u <span class=\"hljs-string\">'api:rajesh123'<\/span> -H <span class=\"hljs-string\">'Accept: application\/json'<\/span> <span class=\"hljs-string\">'https:\/\/localhost:5665\/v1\/status'<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">Query an existing object by sending a POST request <span class=\"hljs-keyword\">with<\/span> X-HTTP-Method-Override: GET <span class=\"hljs-keyword\">as<\/span> request header:\n\ncurl -k -s -S -i -u <span class=\"hljs-string\">'root:icinga'<\/span> -H <span class=\"hljs-string\">'Accept: application\/json'<\/span> \\\n -H <span class=\"hljs-string\">'X-HTTP-Method-Override: GET'<\/span> -X POST \\\n <span class=\"hljs-string\">'https:\/\/localhost:5665\/v1\/objects\/hosts'<\/span>\nDelete an existing object by sending a POST request <span class=\"hljs-keyword\">with<\/span> X-HTTP-Method-Override: DELETE <span class=\"hljs-keyword\">as<\/span> request header:\n\ncurl -k -s -S -i -u <span class=\"hljs-string\">'root:icinga'<\/span> -H <span class=\"hljs-string\">'Accept: application\/json'<\/span> \\\n -H <span class=\"hljs-string\">'X-HTTP-Method-Override: DELETE'<\/span> -X POST \\\n <span class=\"hljs-string\">'https:\/\/localhost:5665\/v1\/objects\/hosts\/example.localdomain'<\/span>\nQuery objects <span class=\"hljs-keyword\">with<\/span> complex filters. For a detailed introduction into filter, please read the following chapter.\n\ncurl -k -s -S -i -u <span class=\"hljs-string\">'root:icinga'<\/span> -H <span class=\"hljs-string\">'Accept: application\/json'<\/span> \\\n -H <span class=\"hljs-string\">'X-HTTP-Method-Override: GET'<\/span> -X POST \\\n <span class=\"hljs-string\">'https:\/\/localhost:5665\/v1\/objects\/services'<\/span> \\\n -d <span class=\"hljs-string\">'{ \"filter\": \"service.state==2 &amp;&amp; match(\\\"ping*\\\",service.name)\" }'<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>","protected":false},"excerpt":{"rendered":"<p>In this example: Available permissions for specific URL endpoints: The permissions field in the ApiUser object specifies what the API user is allowed to do. You can tailor the permissions&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[8217],"tags":[],"class_list":["post-46323","post","type-post","status-publish","format-standard","hentry","category-icinga"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/46323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=46323"}],"version-history":[{"count":4,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/46323\/revisions"}],"predecessor-version":[{"id":46345,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/46323\/revisions\/46345"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=46323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=46323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=46323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}