PBS - API - Missing informations

[DamienB]

Hello,

I'm using a PBS(2.1-5) for more than year and I try to integrate it to my supervision(prometheus) via the blackbox exporter(http's probe).
To do this I have to interact with the API and here is the problem: the documentation is very poor about details.

Here is my script to try to interact with this API.

#!/bin/bash source .credentials FQDN="mon.pbs.fr" curl --request POST --silent --insecure --data ${CREDENTIALS} \ https://${FQDN}:8007/api2/json/access/ticket \ | jq -r '.data.ticket' | sed 's/^/PBSAuthCookie=/' > cookie curl --request get --insecure --cookie "$(<cookie)" https://${FQDN}:8007/api2/json | jq '.'

I don't know if "PBSAuthCookie" is the correct value.
In proxmox pve api's documentation they speak about PVEAuthCookie https://pve.proxmox.com/wiki/Proxmox_VE_API
So I change it to PBSAuthCookie but there is no precision about it in the PBS documentation.

I also try like this:
curl -v -s -k --cookie "PBSAuthCookie=$TICKET" -X GET https://${FQDN}:8007/api2/json

I got: authentication failed - no authentication credentials provided

Any idea?

 

[DamienB]

Log details:

*   Trying 176.31.0.227:8007...
* TCP_NODELAY set
* Connected to pbs.dawan.fr (176.31.0.227) port 8007 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=pbs.dawan.fr
*  start date: Apr 30 00:00:00 2022 GMT
*  expire date: Jul 29 23:59:59 2022 GMT
*  issuer: C=AT; O=ZeroSSL; CN=ZeroSSL RSA Domain Secure Site CA
*  SSL certificate verify ok.
> GET /api2/json/access/roles HTTP/1.1
> Host: pbs.dawan.fr:8007
> User-Agent: curl/7.68.0
> Accept: */*
> Cookie:
PBSAuthCookie=*****
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< content-type: application/json;charset=UTF-8
< content-length: 63
< date: Wed, 29 Jun 2022 09:34:12 GMT
<
* Connection #0 to host pbs.dawan.fr left intact

 

[fabian]

did you verify that you actually get a valid ticket?

 

[DamienB]

Hello Fabian,

I got a ticket yes but... How can I test if it is valid?

{
  "data": {
    "CSRFPreventionToken": "62BBFFEF:S5YlV5THZubNj6*****",
    "ticket": "****",
    "username": "root@pam"
  }
}

 

[fabian]

this one

curl --request get --insecure --cookie "$(<cookie)" https://${FQDN}:8007/api2/json | jq '.'

fails for me since it's supposed to be GET, not get, and non-GET requests need the CSRF token passed as well

this one

curl -v -s -k --cookie "PBSAuthCookie=$TICKET" -X GET https://${FQDN}:8007/api2/json

maybe fails because $TICKET doesn't contain what you think it does?

 

[DamienB]

Thank you for your help Fabian.

You right I miss the correct value 'GET'.

Did anyone succeeded to integrate pbs in prometheus ?