06. 12. 2023
Asset Management, Service Management
11. 01. 2021
Gianluca Piccolo
Asset Management, NetEye, Unified Monitoring
Use NetEye 4.15 JWT Built-in Authentication to use Fusion Inventory and GLPI
Use Case
Suppose we want to trigger Fusion Inventory execution in a GLPI installation, where we can then use the Autonomous mode to import data into GLPI via a CURL request. Let’s see how JWT (JSON Web Token) can help us in NetEye 4.15.
Prerequisites
- A NetEye 4.15 (or later) installation with the Asset module enabled
- GLPI with Fusion Inventory (http://fusioninventory.org/)
- A working Fusion Inventory agent in the host that generates the inventory
Solution
Now we’re ready to start. Just follow these steps:
- Create a role in NetEye called
glpi_fusion_inventory_rolethat has access only to GLPI so it can safely call the Fusion Inventory endpoint:- Assign the user
glpi_fusion_inventoryto it - In the
assetmanagementsection, enable the General module access flag
- Assign the user
- Create a JWT Auth token for the user
glpi_fusion_inventory- Retrieve your public key:
cat /neteye/shared/icingaweb2/conf/modules/neteye/jwt-keys/neteye-jwt.pub - Retrieve your private key:
cat /root/security/jwt-private-key/neteye-jwt.key - Go to https://jwt.io/#debugger-io to easily create a JWT Auth token:
- Select the RS512 hash algorithm
- Paste the private key in the right field
- Paste the following JSON* in the payload field:
{ "sub": "glpi_fusion_inventory", "exp": 2516239022 } - Copy the generated token to a file in a safe folder onto the host that runs the inventory:
echo "TOKEN" > /safe-jwt-tokens-folder/glpi_fusion_inventory.jwt - Remember to give the file that contains the JWT token only minimum permissions since this will allow someone to log in to NetEye as the
glpi_fusion_inventoryuser
- Retrieve your public key:
- Trigger agent execution:
fusioninventory-inventory | curl -Ls --data @- https://httpd.neteyelocal/glpi/plugins/fusioninventory/ -H "Content-Type: Application/x-compress" -H "Authorization: Bearer $(cat /safe-jwt-tokens-folder/glpi_fusion_inventory.jwt)"
Important Note
Please remember that this is just an example of how to properly send data from Fusion Inventory to GLPI. If you’re going to use this approach often, take care to have an automatic process to refresh the JWT token periodically, and to always set a proper expiration time.
Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.
Author
Latest posts by Gianluca Piccolo
19. 10. 2023
Events
Team Building: Sailing at Lake Garda