11. 01. 2021 Gianluca Piccolo Asset Management, NetEye, Unified Monitoring

Use NetEye 4.15 JWT Built-in Authentication to use Fusion Inventory and GLPI

Use Case

Suppose we want to trigger Fusion Inventory execution in a GLPI installation, where we can then use the Autonomous mode to import data into GLPI via a CURL request. Let’s see how JWT (JSON Web Token) can help us in NetEye 4.15.

Prerequisites

  1. A NetEye 4.15 (or later) installation with the Asset module enabled
  2. GLPI with Fusion Inventory (http://fusioninventory.org/)
  3. A working Fusion Inventory agent in the host that generates the inventory

Solution

Now we’re ready to start. Just follow these steps:

  1. Create a role in NetEye called glpi_fusion_inventory_role that has access only to GLPI so it can safely call the Fusion Inventory endpoint:
    1. Assign the user glpi_fusion_inventory to it
    2. In the assetmanagement section, enable the General module access flag
  2. Create a JWT Auth token for the user glpi_fusion_inventory 
    1. Retrieve your public key: cat /neteye/shared/icingaweb2/conf/modules/neteye/jwt-keys/neteye-jwt.pub
    2. Retrieve your private key: cat /root/security/jwt-private-key/neteye-jwt.key
    3. Go to https://jwt.io/#debugger-io to easily create a JWT Auth token:
      1. Select the RS512 hash algorithm
      2. Paste the private key in the right field
      3. Paste the following JSON* in the payload field: { "sub": "glpi_fusion_inventory", "exp": 2516239022 } 
      4. Copy the generated token to a file in a safe folder onto the host that runs the inventory: echo "TOKEN" > /safe-jwt-tokens-folder/glpi_fusion_inventory.jwt
      5. Remember to give the file that contains the JWT token only minimum permissions since this will allow someone to log in to NetEye as the glpi_fusion_inventory user
  3. Trigger agent execution: fusioninventory-inventory | curl -Ls --data @- https://httpd.neteyelocal/glpi/plugins/fusioninventory/ -H "Content-Type: Application/x-compress" -H "Authorization: Bearer $(cat /safe-jwt-tokens-folder/glpi_fusion_inventory.jwt)"

Important Note

Please remember that this is just an example of how to properly send data from Fusion Inventory to GLPI. If you’re going to use this approach often, take care to have an automatic process to refresh the JWT token periodically, and to always set a proper expiration time.

Gianluca Piccolo
Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.

Author

Gianluca Piccolo

Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.

Leave a Reply

Your email address will not be published.

Archive