IBM Support

ZZ00450: DELETING AUDIT DATA FAILS WITH "401 UNAUTHORIZED"

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as documentation error.

Error description

  • Deleting IWD audit data using REST API fails with "401
    Unauthorized".
    
    Environment: ICO 2.4.0.2
    
    Follow the steps described here:
    http://www-01.ibm.com/support/knowledgecenter/SS4KMC_2.4.0.2/com
    .ibm.sco.doc_2.4/gs/aat_delete_audit_rest.html?lang=en
    
    On a Linux Machine ...
    
    1. Create and move to working directory
    
    mkdir -p /work/audit_test
    cd /work/audit_test
    
    2. Download the keyfile from the command below.
    
    curl -sS -ku admin:<admins password>  \
        -H "X-IBM-Workload-Deployer-API-Version: 5.0" \
        -o /work/audit_test/keys.auditor.json \
    
    https://<CS03
     IP ADDRESS>/resources/userKeys
    
    3. Download the deployer cli tools
    
    wget --http-user=admin \
         --http-password=<admins password> \
         --no-check-certificate \
         -O /work/audit_test/deployer.zip \
         --quiet \
    
    https://<CS03
     IP ADDRESS>/downloads/cli
    
    4. extract the cli tools
    
    unzip -q /work/audit_test/deployer.zip
    
    5. Copy the necessary files
    
    cp -p $( find /work/audit_test/deployer.cli/ -name cscurl.sh )
    /work/audit_test/
    cp -p $( find /work/audit_test/deployer.cli/ -name
    create_basicauth_header.py ) /work/audit_test/
    cp -p $( find /work/audit_test/deployer.cli/ -name
    auditDelete.sh )
    /work/audit_test/
    
    6. Give exec permission to cscurl.sh
    
    chmod +x /work/audit_test/cscurl.sh
    
    7. Execute the command below
    
    /bin/sh /work/audit_test/auditDelete.sh \
            username=admin \
            password=<admins password> \
            keyfile=/work/audit_test/keys.auditor.json \
            IWD=<CS03 IP ADDRESS>
    
    8. Problem Occurs
    
    Execution Fails with  HTTP/1.1 401 Unauthorized.
    

Local fix

  • 1. Follow steps 1-7 above. In step 7 look for part:
    
    constructed final data string follows
    -------------------------------------
    {"eventIDList":"22,21,23,24,25","eventIDListSignature":"V8vMU3Ze
    806QT6no
    iXU7vrI71GrNkAuuDWZkSkwwEO8mo7uTVQoGVozHR1OUDi8ir+fhgzIOq9ZFgwlX
    CKuL4zf1
    o6C034fpl4WxOFItylL9TTMto0XpZr+kbkV3XWWhRlqkJn/8X4xcbmdP2i7kllfP
    myI8/CeC
    MmgCyScE4ltB+PXZl/ZEcME4zUFq2eW8QyA9FTtEjNsEY10PWzNgzE4ru42ZCrxm
    QFYsS9S5
    k1pxdHpiE+HWXA2zP0Q3AB6TRxF1lvgJ1Qou/UG0cQP5TKseTIJAShWhvaDAlMbf
    up66cmEw
    et3XL95EzHeTsIhPMzV700mItD1bvFKpR0Md4Q=="}
    -------------------------------------
    
    Copy json and save it to some file in current working directory
    (e.g.
    event_tbd.json)
    
    Run CURL command:
    curl -X POST -u admin:<adminpassword> -H "Content-Type:
    application/json" -H 'User-Agent: Mozilla/5.0 (X11; Fedora;
    Linux
    x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'
    
    https://<CS3-IP>/resources/audit.zip
      -k --data @event_tbd.json
    
    or
    
    curl -X POST -u admin:<adminpassword> -H "Content-Type:
    application/json" -H 'User-Agent: Mozilla/5.0 (X11; Fedora;
    Linux
    x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'
    
    https://<CS3-IP>/resources/audit.zip
      -k --data @/path/to/event_tbd.json
    
    There should be "Success" message if everything will be ok. You
    can also
    use some REST Client built in the browser if you need some
    quick tests
    
    Please remember that you need to delete oldest events (as it is
    documented). If you try to delete some subset of events from
    "the
    middle" there will be error that you need to delete the oldest
    first.
    
    Easiest way to safely delete the logs is to download new
    audit.zip file
    and use audit-events-record-IDs or
    audit-events-signed-record-IDs from
    that file directly.
    

Problem summary

  • ***********************************************************
    * USERS AFFECTED: All users of IBM Cloud Orchestrator 2.4
    ***********************************************************
    * PROBLEM DESCRIPTION:
      Deleting IWD audit data using REST API
      fails with "401 Unauthorized"
    ***********************************************************
    * RECOMMENDATION:
      Review the next update of the IBM Knowledge Center for
      IBM Cloud Orchestrator V2.4 Fix Pack 4 when available
    ***********************************************************
    
    The documentation changes can also be found in the
    Conclusion section below.
    

Problem conclusion

  • The following topic in IBM Cloud Orchestrator
    Knowledge Center has been updated:
    "Deleting audit data to free storage"
    
    
    m.sco.doc_2.4/gs/aat_delete_audit_rest.html
    

Temporary fix

Comments

APAR Information

  • APAR number

    ZZ00450

  • Reported component name

    SMRTCLOUD ORCHS

  • Reported component ID

    5725H2800

  • Reported release

    240

  • Status

    CLOSED DOC

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-08-06

  • Closed date

    2016-03-29

  • Last modified date

    2016-03-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS4KMC","label":"IBM Cloud Orchestrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"240","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
03 November 2021