[Check_mk (english)] Possible dashboard view without browser authentication

Cory Meyer cory.meyer at gmail.com
Tue Sep 3 18:07:36 CEST 2013


If you don't use authentication in Apache you can pass the variables set
from the login form on the command line.

http://10.10.10.1/omd/check_mk/dashboard.py?_username=kiosk_user&_password=supersecretpassword&_login=1&_origtarget=dashboard.py&name=main



For those which might use Apache for authentication just setup a reverse
proxy.   The requestHeader line will pass the authentication credentials.
Just Base64 encode the "username:password" string and paste that in the
config.

<VirtualHost *>
ServerName monitoringkiosk

<Location /omd>
        Order allow,deny
        Allow from 10.10.10.222
        Options +FollowSymLinks
        ProxyPass http://10.10.10.1/omd retry=0 disablereuse=On
        ProxyPassReverse http://10.10.10.1/omd
        RequestHeader set Authorization "Basic
<base64-encode-username:password>"
</Location>
</VirtualHost>







On Fri, Jun 7, 2013 at 10:17 AM, Fernando Feijo <ffeijo at ffeijo.com> wrote:

> Bump, in the hope can figure out why non-authentication access is not
> working.
>
> Thanks for any pointers,
>
> Fernando
>
>
> On Jun 5, 2013, at 3:17 PM, Fernando Feijo <ffeijo at ffeijo.com> wrote:
>
> Mathias,
>
> Thanks for your reply. I got closer, but am still messing up some steps.
> Here are the changes I have done.
>
> For apache, zzz_check_mk.conf now has this, allowing everyone:
>
>  Alias /check_mk /usr/share/check_mk/web/htdocs
>   <Directory /usr/share/check_mk/web/htdocs>
>         AddHandler mod_python .py
>         PythonHandler index
>         PythonDebug Off
> DirectoryIndex index.py
> Order allow,deny
> Allow from all
>         Satisfy any
>   </Directory>
>
>
> For the secret file, the page you linked to instructs OMD users to store
> the secret file in location "var/check_mk/web/*USER*/automation.secret".
>
> I compiled 1.2.2 from source, and do not have the OMD folder structure.
> After some looking around, I found directory "/var/lib/check_mk/web" which
> seems to be the equivalent for compiled-from-source folks. I then created a
> directory underneath, for  a user I called myguest. Naturally the directory
> has the same name: "/var/lib/check_mk/web/myguest". Inside this directory I
> created a file named automation.secret. The final result looks like this,
> with all files world-readable as a troubleshooting step:
>
> *ffeijo at lin-nagios-new:/var/lib/check_mk/web/myguest$ ls -la*
> *total 12*
> *drwxrwxrwx  2 www-data www-data 4096 2013-06-05 11:16 .*
> *drwxrwxr-x 16 nagios   www-data 4096 2013-06-05 15:50 ..*
> *-rwxrwxrwx  1 www-data www-data    6 2013-06-05 15:14 automation.secret*
> *
> *
> *
> ffeijo at lin-nagios-new:/var/lib/check_mk/web/myguest$ cat
> automation.secret
> mypwd
> *
>
>
>
> After bouncing apache and the browser, I attempted to log using this url
> on the browser:
>
> http://myhost/check_mk/dashboard.py?_username=myguest&_secret=mypwd
>
>
> The example below had a folder /prod that I assumed is from your
> structure, so I did not use that. The good news is that I did not get a
> password prompt with the url above. The browser, however, starts to render
> the page then goes into a loop. I captured what the partially rendered
> page looks like<http://content.screencast.com/users/ffeijo/folders/Snagit/media/8228d284-43f0-4643-89fa-0ef13f852382/2013-06-05_15-10-55.png>,
> and I also captured what shows as source code<http://content.screencast.com/users/ffeijo/folders/Snagit/media/18fe7d6f-d051-4bce-8fb7-5fe98ca7b3d2/2013-06-05_15-13-36.png> when
> that happens.
>
> I am hoping that you or someone else with experience can figure out why
> the browser stops rendering the page and goes into a loop. Thanks for any
> pointers to the right direction.
>
> Fernando
>
>
>
>
>
> On Jun 5, 2013, at 2:21 AM, "Decker, Mathias" <
> mathias.decker at mdc-berlin.de> wrote:
>
> You could use the automation feature described here
> http://mathias-kettner.de/checkmk_multisite_automation.html****
>
> Then you can open your check_mk with
> http://myhost/prod/check_mk/dashboard.py?_username=username&_secret=secret
> ****
>
> --****
>
> *From:* checkmk-en-bounces at lists.mathias-kettner.de [mailto:checkmk-
> en-bounces at lists.mathias-kettner.de] *On Behalf Of *Fernando Feijo
> *Sent:* Dienstag, 4. Juni 2013 23:36
> *To:* checkmk-en at lists.mathias-kettner.de
> *Subject:* [Check_mk (english)] Possible dashboard view without browser
> authentication****
> ** **
> ** **
> Our NOC got a TV with a built-in browser, and of course the most wanted
> thing is the Multi-site dashboard :)****
> ** **
> I load it in an iframe<http://content.screencast.com/users/ffeijo/folders/Snagit/media/e9fd399f-0b14-4f87-96a7-db57d8523c61/2013-06-04_16-19-07.png>.
> There are other iframes with WeatherMaps,  Google-maps tiles laid on Nagios
> data, etc. Not as popular, though.****
> ** **
> Thing is, the built-in TV browser is brain damaged and does not allow
> authentication. The other elements in the page do not require a password,
> but currently Multisite does.****
> ** **
> This is how we call  the dashboard. It works well, if requiring
> authentication:****
> ** **
>             <IFRAME ALIGN="center" HEIGHT="658" WIDTH="998"
> SCROLLING="YES" NAME="MultiSite" FRAMEBORDER="0" MARGINWIDTH="0"
> MARGINHEIGHT="0" SRC="https:/myhost/check_mk/dashboard.py?name=ff"></IFRAME>
> ****
> ** **
> ** **
> I tried to cheat opening Apache to anyone, but then I got hit with an
> internal password prompt with the code above. Is there a way I can satisfy
> the stupid TV browser and still make the dashboard available. ****
> ** **
> Thanks for any pointer in the right direction.****
> ** **
> Fernando****
> ** **
> ** **
> ** **
>
>
> _______________________________________________
> checkmk-en mailing list
> checkmk-en at lists.mathias-kettner.de
> http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en
>
>
>
> _______________________________________________
> checkmk-en mailing list
> checkmk-en at lists.mathias-kettner.de
> http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mathias-kettner.de/pipermail/checkmk-en/attachments/20130903/982c3dda/attachment-0001.html>


More information about the checkmk-en mailing list