If a proxy or proxy group has been set, the SyncHost job currently depends on SyncProxy / SyncProxyGroup. If nbxSync is unable to SyncProxy / SyncProxyGroup, then the SyncHost job fails (unnecessarily).
This unnecessary dependency means that in order to sync a host with a Proxy / ProxyGroup set, nbxsync requires Super Admin privileges on the zabbix server.
Here's the log from trying to sync a host with a proxy group set, without Super Admin privileges. Syncing a host without a proxy group set, and without Super Admin privileges, works fine.
netbox-worker-1 | No active configuration revision found - falling back to most recent
netbox-worker-1 | 09:31:35 Worker d88fba066f6b40829325e7c336c9f8e0: job 2c2f85c2-189c-41bb-bf23-00edfdb84e79: exception raised while executing (nbxsync.worker.synchost)
netbox-worker-1 | Traceback (most recent call last):
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/utils/sync/safe_sync.py", line 7, in safe_sync
netbox-worker-1 | return run_zabbix_operation(sync_class, obj, 'sync', extra_args)
netbox-worker-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/utils/sync/run_zabbix_operations.py", line 31, in run_zabbix_operation
netbox-worker-1 | return method()
netbox-worker-1 | ^^^^^^^^
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/utils/sync/syncbase.py", line 64, in sync
netbox-worker-1 | self.sync_to_zabbix(object_id)
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/utils/sync/syncbase.py", line 121, in sync_to_zabbix
netbox-worker-1 | self.update_in_zabbix(object_id=object_id)
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/utils/sync/syncbase.py", line 126, in update_in_zabbix
netbox-worker-1 | result = self.api_object().update(**self.get_update_params(object_id=kwargs.get('object_id', None)))
netbox-worker-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/zabbix_utils/api.py", line 94, in func
netbox-worker-1 | return self.parent.send_api_request(
netbox-worker-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/zabbix_utils/api.py", line 386, in send_api_request
netbox-worker-1 | raise APIRequestError(err)
netbox-worker-1 | zabbix_utils.exceptions.APIRequestError: Application error. No permissions to call "proxygroup.update".
netbox-worker-1 |
netbox-worker-1 | During handling of the above exception, another exception occurred:
netbox-worker-1 |
netbox-worker-1 | Traceback (most recent call last):
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/jobs/synchost.py", line 71, in sync_host
netbox-worker-1 | safe_sync(ProxyGroupSync, assignment.zabbixproxygroup)
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/utils/sync/safe_sync.py", line 9, in safe_sync
netbox-worker-1 | raise RuntimeError(f'Error syncing {sync_class.__name__}: {e}')
netbox-worker-1 | RuntimeError: Error syncing ProxyGroupSync: Application error. No permissions to call "proxygroup.update".
netbox-worker-1 |
netbox-worker-1 | During handling of the above exception, another exception occurred:
netbox-worker-1 |
netbox-worker-1 | Traceback (most recent call last):
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/rq/worker.py", line 1659, in perform_job
netbox-worker-1 | return_value = job.perform()
netbox-worker-1 | ^^^^^^^^^^^^^
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/rq/job.py", line 1318, in perform
netbox-worker-1 | self._result = self._execute()
netbox-worker-1 | ^^^^^^^^^^^^^^^
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/rq/job.py", line 1376, in _execute
netbox-worker-1 | result = self.func(*self.args, **self.kwargs)
netbox-worker-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/worker.py", line 13, in synchost
netbox-worker-1 | worker.run()
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/jobs/synchost.py", line 37, in run
netbox-worker-1 | self.sync_host(assignment)
netbox-worker-1 | File "/opt/netbox/venv/lib/python3.12/site-packages/nbxsync/jobs/synchost.py", line 94, in sync_host
netbox-worker-1 | raise RuntimeError(f'Unexpected error: {e}')
netbox-worker-1 | RuntimeError: Unexpected error: Error syncing ProxyGroupSync: Application error. No permissions to call "proxygroup.update".```
If a proxy or proxy group has been set, the SyncHost job currently depends on SyncProxy / SyncProxyGroup. If nbxSync is unable to SyncProxy / SyncProxyGroup, then the SyncHost job fails (unnecessarily).
This unnecessary dependency means that in order to sync a host with a Proxy / ProxyGroup set, nbxsync requires Super Admin privileges on the zabbix server.
Here's the log from trying to sync a host with a proxy group set, without Super Admin privileges. Syncing a host without a proxy group set, and without Super Admin privileges, works fine.