xMatters Agent SSL

Not Yet Reviewed

Hi! we are using the xMatter agent and was working with no problem executing custom steps from cloud -> on premise agent -> internal system. 

We are now trying to send from our internal system -> on premise agent -> cloud 

and we are having some problems. 

Checking the health of the agent: 

{"status":"UP","details":{"agent":{"status":"UP","details":{"connected":true,"lastConnectedTime":"2020-01-28 18:52:20-0300","lastHeartbeatTime":"2020-01-28 18:58:10-0300"}},"diskSpace":{"status":"UP","details":{"total":6207111168,"free":3967320064,"threshold":10485760}}}}

Looks all good. But when tryng to test a custom step to see if we can reach the cloud we have this problem:

[netsol@SR-CADOI-AP01 xa]$ curl -x "" -H "Content-Type: application/json" -X POST -d'{
"ticket number" : "1072128190001",
"summary": "Web App registration is down",
"Salida": "close"
}' "https://localhost:8081/api/integration/1/functions/UUID-UUID-UUID/triggers?apiKey=UUID-UUID-UUID"
curl: (35) SSL received a record that exceeded the maximum permissible length.

When tryng only http we get an entry at the log:

2020-01-28 19:00:27,564 6814 [qtp1745608181-45] com.xmatters.xagent.services.HyraxProxy ERROR --- Failed forwarding to Hyrax: Entity may not be null

is there any way to disable ssl to test or get any idea of why is failing when calling from the same host?

0

Comments

10 comments
Date Votes

Please sign in to leave a comment.

  • Hey Dante!

        The agent isn't configured to use https and we're aware the UI gives you the url as http. This is known and should be fixed soon. The workaround is to use http instead, which it looks like you correctly guessed. 

    Which brings us to the next problem. I'm still digging but can you show any API requests in your step? What are you calling and what are you passing? 

    Happy Tuesday!
       --- Travis

    0
  • Oh, and can you add the -v parameter to get a little more verbose output on the curl command?

    Thanks!

    0
  • Hey Travis! ok will update to only http!

    This is the output of curl with -v from the same host without going trough the proxy (since is localhost)

    [netsol@SR-CADOI-AP01 xa]$ curl -x "" -v -H "Content-Type: application/json" -X POST -d'{ "ticket number" : "1072128190004", "summary": "Web App registration is down", "Salida": "open" }' "http://localhost:8081/api/integration/1/functions/UUID-UUID-UUID/triggers?apiKey=UUID-UUID-UUID"
    * About to connect() to localhost port 8081 (#0)
    * Trying ::1...
    * Connected to localhost (::1) port 8081 (#0)
    > POST /api/integration/1/functions/UUID-UUID-UUID/triggers?apiKey=UUID-UUID-UUID HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: localhost:8081
    > Accept: */*
    > Content-Type: application/json
    > Content-Length: 98
    >
    * upload completely sent off: 98 out of 98 bytes
    < HTTP/1.1 200 OK
    < Date: Tue, 28 Jan 2020 23:39:19 GMT
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    < Pragma: no-cache
    < Expires: 0
    < X-Frame-Options: DENY
    < Content-Length: 0
    <
    * Connection #0 to host localhost left intact
    [netsol@SR-CADOI-AP01 xa]$

    Entry at the log is the same: com.xmatters.xagent.services.HyraxProxy ERROR --- Failed forwarding to Hyrax: Entity may not be null

     

    0
  • Travis looks like is an error on my side! in the auth part of the request! will keep checking!

    0
  • Well, that's interesting. A normal, successful request to the agent responds with a "HTTP 202" not an HTTP 200 and also includes a couple extra headers such as "x-trace" and "envoy" which are used to track the request in our servers. 

    Can we make sure the agent is successfully communicating with xMatters? Can you post the recent parts of the /var/log/xmatters/xmatters-xa/agent-communication-xmatters.log log? 

     

    0
  • Sure!

    Any way i was really sending the auth bad, now im using the api key:

    curl -x "" -v -H "Content-Type: application/json" --user x-api-key-uiduid:passworduid -X POST -d '{ "ticket number" : "1072128190001", "summary": "Web App registration is down" }' "http://192.168.244.100:8081/api/integration/1/functions/trigger-uid-/triggers"

    this is the output:

    * About to connect() to 192.168.244.100 port 8081 (#0)
    * Trying 192.168.244.100...
    * Connected to 192.168.244.100 (192.168.244.100) port 8081 (#0)
    * Server auth using Basic with user 'x-api-key-uid'
    > POST /api/integration/1/functions/uid/triggers HTTP/1.1
    > Authorization: Basic basic_auth_string
    > User-Agent: curl/7.29.0
    > Host: 192.168.244.100:8081
    > Accept: */*
    > Content-Type: application/json
    > Content-Length: 80
    >
    * upload completely sent off: 80 out of 80 bytes
    < HTTP/1.1 200 OK
    < Date: Wed, 29 Jan 2020 00:28:05 GMT
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    < Pragma: no-cache
    < Expires: 0
    < X-Frame-Options: DENY
    < Content-Length: 0
    <
    * Connection #0 to host 192.168.244.100 left intact

    Now  if i delete one of the chars and point out to another trigger (delete the last character of the uid) i  get this:

    * upload completely sent off: 80 out of 80 bytes
    < HTTP/1.1 404 Not Found
    < Date: Wed, 29 Jan 2020 00:30:11 GMT
    < Pragma: no-cache
    < Via: 1.1 google
    < Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
    < X-Frame-Options: DENY
    < Content-Type: application/json;charset=utf-8
    < Alt-Svc: clear
    < X-Robots-Tag: noindex
    < x-trace: 1b5e2b60-2c90-49d2-fdd2-68ff62552bda,b463f310-4772-4a46-837f-f89f09e007e0
    < x-envoy-upstream-service-time: 123
    < Date: Wed, 29 Jan 2020 00:30:11 GMT
    < Server: envoy
    < X-Content-Type-Options: nosniff
    < X-XSS-Protection: 1; mode=block
    < X-Content-Type-Options: nosniff
    < Content-Length: 97

    with the x-trace you said it should exists, i only change the trigger url to a wrong one.

     

    will post the log asap.

     

     

    0
  • This is the last info in the log.

     


    2020-01-28 21:28:05,621 16437 [qtp682981033-47] com.xmatters.xagent.services.HyraxProxy ERROR --- Failed forwarding to Hyrax: Entity may not be null
    2020-01-28 21:29:44,954 16437 [scheduling-1] com.xmatters.xagent.services.RemoteHyraxService INFO --- Re-establishing websocket connection to xMatters, due to to the graceful reconnect timeout
    2020-01-28 21:29:44,956 16437 [scheduling-1] com.xmatters.xagent.services.RemoteHyraxService INFO --- Attempting to connect to xMatters websocket: 1
    2020-01-28 21:29:45,520 16437 [Thread-57] com.xmatters.xagent.services.RemoteHyraxService INFO --- Websocket connection to xMatters established.
    2020-01-28 21:30:11,558 16437 [qtp682981033-83] com.xmatters.xagent.socket.ProxyAwareSSLSocketFactory INFO --- Connecting to cablevision.xmatters.com through proxy
    2020-01-28 21:33:24,566 16437 [qtp682981033-90] com.xmatters.xagent.socket.ProxyAwareSSLSocketFactory INFO --- Connecting to cablevision.xmatters.com through proxy
    2020-01-28 21:33:33,053 16437 [qtp682981033-79] com.xmatters.xagent.services.HyraxProxy ERROR --- Failed forwarding to Hyrax: Entity may not be null

    0
  • Hey Dante! Thanks for your patience. I've been talking to the developers and they were able to reproduce this error if the agent is running an HTTP trigger that is not connected to any other steps. So on your canvas, do you have any other steps connected to this trigger? If not, what happens if you attach a simple custom step that doesn't do anything? I think a switch step might also work, but I'd start with a custom step. 

    They created a BUG ticket to better handle this situation, but let me know if the workaround above works out. 

    Happy Wednesday!

    0
  • Hey Travis! worked like charm! Attached a switch step and worked perfectly!!!

    I will continue with the toolchain now that I got a positive response!

    * upload completely sent off: 80 out of 80 bytes
    < HTTP/1.1 202 Accepted
    < Date: Wed, 29 Jan 2020 22:20:20 GMT
    < x-ratelimit-period_in_sec: 60
    < x-concurrentlimit-limit: 60
    < Pragma: no-cache
    < Via: 1.1 google
    < x-ratelimit-used: 2
    < Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
    < X-Frame-Options: DENY
    < Content-Type: application/json;charset=utf-8
    < Expires: 0
    < Alt-Svc: clear
    < X-Robots-Tag: noindex
    < x-envoy-upstream-service-time: 188
    < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    < Server: envoy
    < x-ratelimit-limit: 100
    < X-Content-Type-Options: nosniff
    < x-concurrentlimit-used: 1
    < X-XSS-Protection: 1; mode=block
    < x-trace: a2949a08-99c7-c141-0d05-c57ed2b83db7,f5396a6d-e772-4ac0-9190-fe60f610a039
    < x-trace: a2949a08-99c7-c141-0d05-c57ed2b83db7,f5396a6d-e772-4ac0-9190-fe60f610a039
    < Date: Wed, 29 Jan 2020 22:20:21 GMT
    < X-Content-Type-Options: nosniff
    < Content-Length: 52

     

    0
  • So, i managed to make it work, when running OnPrem, after the switch I created a custom step that's empty, but run on the cloud. After doing so the next step run on cloud too and didn't show an error.

    "UIM Alert - UIM trigger" is running on xMatters Agent "url"
    Finished running HTTP Trigger script.
    "Switch" is running on xMatters Agent "url"
    Flow execution switched from an xMatters Agent to the cloud

    The next step the xMatters create even run at the cloud with no problem.

    0

Didn't find what you were looking for?

New post