[SOLVED] API inconsistent

V

voidic

New Member
Dec 13, 2024
6
0
1
Hi,

Sometimes when using the JSON API certain hosts don't return the resource part from /api2/json/nodes despite having the same permissions and running the same version.

pve-manager: 8.3.5

1743168203443.png

Node 1:
JSON: 
{
    "data": [
        {
            "maxmem": 135071125504,
            "ssl_fingerprint": "48:9E:50:F4:E2:8A:C0:17:C0:46:60:02:21:74:4B:2F:B1:3C:1C:9C:97:B4:03:1E:29:CC:B8:22:88:C5:FC:77",
            "disk": 13747462144,
            "type": "node",
            "maxdisk": 100861726720,
            "cpu": 0.113888088277679,
            "level": "",
            "maxcpu": 24,
            "status": "online",
            "mem": 91824427008,
            "uptime": 3199505,
            "node": "pve",
            "id": "node/pve"
        }
    ]
}

Node 2:
JSON: 
{
    "data": [
        {
            "status": "online",
            "id": "node/ns5026729",
            "node": "ns5026729",
            "ssl_fingerprint": "24:0A:C1:74:59:88:7D:74:33:86:C6:2E:87:26:5B:17:70:FD:E6:77:DD:82:38:8B:96:17:95:DD:08:4B:52:73",
            "level": "",
            "type": "node"
        }
    ]
}
 
Hi!

Could you post the exact request (e.g. with curl) you're making and the permissions that the API token / user has? There's not much information about which permissions the role "Download" permits and it is important that the API token / user has the Sys.Audit permission for the ACL /nodes (or for specific /nodes/{node}) set.
 
Hi,

Download group allows Sys.AccessNetwork
Its a simple GET request, im not using curl, i have 3 proxmox servers (non-cluster).

PVEAuditor has Sys.Audit and i added it to / with propagate which is the same on all nodes.

Is it possible that the API server will truncate the response in some cases due to TCP-MSS? Because im connecting over Wireguard VPN which has 1420 MTU and ive had other issues with MTU before.

Regards,
Kieran
 
Last edited:
it is important that the API token / user has the Sys.Audit permission for the ACL /nodes (or for specific /nodes/{node}) set.
Click to expand...

This was the issue, on the other node i didn't have privilege separation enabled which explains why it was responding.
 
You must log in or register to reply here.
Top Bottom