OpenMediaVault integration issues
I'm trying to setup the OMV integration for system health monitoring, but I keep getting errors, I have created a user for the integration, I have also tested with the admin user, tried both external and internal urls (I suspect the external url was giving issues due to authelia) and it's still not working, this is the full object that appears in the console when loading: https://privatebin.io/?77d1d4784f79ea2b#25GYjqJEGhMppZKSuLojHjZT9bTdnTF8w3MSrN3pH8rJ
I have installed the plugin
My full docker compose: https://privatebin.io/?6bbef3ff2ebe26e2#27NvLvLxTZt7NAPTsZQvbo3We85feosBUTjLNzanFVNP
Homarr version 1.17.0
Running on OMV 7.7.4-1 (Sandworm)
Send text and files securely and anonymously with end-to-end encryption (no account required) | PrivateBin
Encrypted note on Send text and files securely and anonymously with...
Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.
Send text and files securely and anonymously with end-to-end encryption (no account required) | PrivateBin
Encrypted note on Send text and files securely and anonymously with...
Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.
46 Replies
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Please post your full logs
Send text and files securely and anonymously with end-to-end encryption (no account required) | PrivateBin
Encrypted note on Send text and files securely and anonymously with...
Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.
Ok, I have somehow managed to get it working, but after a reboot of the system it is back to not working
new log:
The above error
URI malformed can be ignored for now. It will prevent real time updates to occure, because one of your cookies contains a % character. This was fixed in https://github.com/homarr-labs/homarr/pull/2989 and will be part of v1.19.0 which is released on fridayGitHub
fix(cookie): parsing of header not working with percentage char by ...
Homarr
Thank you for your contribution. Please ensure that your pull request meets the following pull request:
Builds without warnings or errors (pnpm build, autofix with pnpm format:fix)
Pull ...
Nice! but I'm more concerned with the error at the end since that's the one that apears when I reload the dashboard with the heath monitoring present
This error occurs because the response of the api does not match our expected format. we expect the following:
When calling
system.getInformation
Not sure why, but maybe you have something of the features disabled / not enabled that were expected@Meierschlumpf can we log more info from the zod validator?
My changes regarding the test-connection changes, that I'm working on, will make it a lot easier to do so yes.
What is the exact call you're making? maybe I can manually trigger it to see the issue, I am using a separate account for the integration, but I have also tried with the default admin
We make a
POST request to /rpc.php with the following body:
and the required authentication through headers / cookies, depending on your setupDang, I'm really struggling to get it to accept the auth, could you give me any extra directions on what I should do?, this is my current command:
Where cookies.txt is the dump from the browser after logging in, for some reason it's still giving me the Session not authenticated error
If you have cookie auth then they should be named
OPENMEDIAVAULT-SESSIONID and OPENMEDIAVAULT-LOGIN (both like this or both with X- as prefix)
Or if it is header authentication you can use the header with X-OPENMEDIAVAULT-SESSIONIDchecking the file they are there, but OPENMEDIAVAULT-LOGIN has a dash at the end
followed by a long seemingly random string
That's weird that it has a dash at the end 🤔
OPENMEDIAVAULT-LOGIN-%242y%2410%24VYXgKFa6hIkpyGz6[more random string...]
also, there are two
ohh, wait, I've just realized I've dumped it from the access through the reverse proxy
instead of direct as I'm doing on the command line
Okay the
%24 are probably encoded $
Does that look good?
It looks like a response from omv yes, let me check quickly
Hmm that looks correct
It did take a full 4 seconds to proccess
6 on a second request
Okay, this should not really matter as we got the
Invalid system information response error and not a timeout or similarOhh, wait
I've got it (I think)
Maybe the response we get back through homarr is the one that you get when you are unauthorized. Can you check through updating the integrations secrets?
Okay if you have it even better!
using the account I created for the integration only this appears:
Oh I see
Solution
So the account needs probably more permissions 😄
I thought I had also tried with the admin account but it must not have updated for some reason
any idea on what groups it needs to be part of?
I'm seeing in the OMV wiki that any user on the openmediavault-admin group is a web interface administrator, but ideally I would like to not give a user that's just there to get stats admin permisions over the whole system
Maybe with
SNMP you can make the data read only? Other than that it states that it is only available to the admin group
But SNMP is a seperat protocol on port 161 it seems that we don't support
So it's probably only the admin credentials way that seems to work, except you want to touch ACL rules, which is not recommendedthen there is really no point to having a separate user?
I guess not really
It seems to still be failing
Except maybe to sign in with only him to only have read rights by default
same error I think:
and this time I'm using the default admin user
I've even made sure with curl with the exact same address and details
the exact command used for testing that works is:
curl -X POST -d '{"service": "system", "method": "getInformation"}' -b ~/downloads/cookies.txt http://192.168.100.55/rpc.php | yqI think this one is on me. We have a sessionStore which stores the used secrets for calling the api in a cache so we don't authenticate all 5 seconds.
But we don't invalidate it when other credentials are used...
If possible you can remove the session in omv / wait until the session expires
And then we should make changes so that the stored sessions are for specific credentials
That would definitely explain why it worked previously when I switched it to the unprivileged account
Does just deleting the user work?
Yes it does
It should as then your api will respond with status code 401 (i suspect) and if this is the case we authenticate again
now the integration is working
finally
and since we know why it failed previously we can (probably) discard any hidden timebombs
Okay great, so best would be if we
1. add more details to the
Invalid system information response
2. add documentation that admin permissions are required as it otherwise does not show enough informations
3. we invalidate the credentials of integrations when the testConnectionAsync is runI understand the first two, but shouldn't the credentials only be invalidated when the integration is modified?
Yes that would make even more sense
Okay but great, I suggest I'll create an issue for invalidating the credentials of the session store and one for the admin permissions for omv (the first one I'm already working on with some other changes)
sure, go for it, thanks for all the help and for the great dashboard
You're welcome, have a good night
You too, shall I mark this issue as solved?
Yes you can, thanks
2 -> https://github.com/homarr-labs/documentation/issues/291
3 -> https://github.com/homarr-labs/homarr/issues/3002
GitHub
feat: add note of required permissions for omv integration · Issue...
Describe what you would like to see documented Add a note that for working omv integration the user needs admin permissions as otherwise he will not get the full details for system.getInformations....
GitHub
bug: session stores not invalidated · Issue #3002 · homarr-labs/h...
Describe the bug When updating the credentials of an integration the session store is not invalidated. So it will use the old credentials until they expire and the api returns a 401 where it will r...