From 9ecd3e3ac76e00d4860c027fd9a3ad439b4f12ac Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 30 Sep 2022 12:17:31 -0400
Subject: [PATCH] Add API check

Particularly SELinux is a frequently missed configuration
facet, alert when the selinux is blocking.
---
 confluent_server/bin/confluent_selfcheck | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/confluent_server/bin/confluent_selfcheck b/confluent_server/bin/confluent_selfcheck
index f04680cb..ccbe288b 100755
--- a/confluent_server/bin/confluent_selfcheck
+++ b/confluent_server/bin/confluent_selfcheck
@@ -85,6 +85,16 @@ def web_download_works():
         return False
     return True
             
+def web_api_works():
+    try:
+        res = subprocess.check_output(['curl', '-X', 'GET', '-Isk', 'https://localhost/confluent-api/'])
+        res = res.split(b'\n')[0]
+        if b'401' in res:
+            return True
+        return False
+    except Exception:
+        return False
+    return True
 
 def nics_missing_ipv6():
     # check for ability to create AF_INET6, for kernel disabled ipv6
@@ -176,6 +186,11 @@ if __name__ == '__main__':
                     print('OK')
                 else:
                     emprint('Failed to download /confluent-public/site/confluent_uuid')
+                fprint('Checking web API access: ')
+                if web_api_works():
+                    print('OK')
+                else:
+                    emprint('Failed access, if selinux is enabled, `setsebool -P httpd_can_network_connect=1`, otherwise check web proxy configuration')
         else:
             emprint('Not Running (Example resolution: systemctl enable httpd --now)')
         fprint('TFTP Status: ')