EdgeCheckinInterval seems to be ignored on API POST call (endpoint creation)

[The-Judge]

Bug description
Portainer API has parameter EdgeCheckinInterval when creating a new endpoint via the API. See Swagger.
When setting this to an integer value (say: 10), the endpoint is created fine, but with the global default which is 5 per default, effectively ignoring this parameter.

Expected behavior
The created (edge) endpoint should have the EdgeCheckinInterval set as requested in the API creation query.

Portainer Logs
None

Steps to reproduce the issue:
http --form POST https://your-portainer/api/endpoints 'X-API-Key:YOUR_API_TOKEN' Name=test TLS=true TLSSkipVerify=true TLSSkipClientVerify=true 'URL=https://your-portainer' EndpointCreationType=4 EdgeCheckinInterval=10

Results in being even 0 in the reply of the creation query:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json
Date: Mon, 27 Jun 2022 11:57:04 GMT
Expect-CT: enforce, max-age=21600
Permissions-Policy: camera=(), fullscreen=(), geolocation=(), microphone=(), payment=(), usb=()
Referrer-Policy: strict-origin
Server: nginx
Strict-Transport-Security: max-age=63072000
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff, nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block, 1; mode=block

{
    "AuthorizedTeams": null,
    "AuthorizedUsers": null,
    "AzureCredentials": {
        "ApplicationID": "",
        "AuthenticationKey": "",
        "TenantID": ""
    },
    "ComposeSyntaxMaxVersion": "",
    "EdgeCheckinInterval": 0,
    "EdgeKey": "** REMOVED **",
    "GroupId": 1,
    "Id": 41,
    "IsEdgeDevice": false,
    "Kubernetes": {
        "Configuration": {
            "IngressClasses": [],
            "RestrictDefaultNamespace": false,
            "StorageClasses": [],
            "UseLoadBalancer": false,
            "UseServerMetrics": false
        },
        "Snapshots": []
    },
    "LastCheckInDate": 0,
    "Name": "test",
    "PublicURL": "",
    "QueryDate": 0,
    "SecuritySettings": {
        "allowBindMountsForRegularUsers": true,
        "allowContainerCapabilitiesForRegularUsers": true,
        "allowDeviceMappingForRegularUsers": true,
        "allowHostNamespaceForRegularUsers": true,
        "allowPrivilegedModeForRegularUsers": true,
        "allowStackManagementForRegularUsers": true,
        "allowSysctlSettingForRegularUsers": true,
        "allowVolumeBrowserForRegularUsers": false,
        "enableHostManagementFeatures": false
    },
    "Snapshots": [],
    "Status": 1,
    "TLSConfig": {
        "TLS": false,
        "TLSSkipVerify": false
    },
    "TagIds": [],
    "Tags": null,
    "TeamAccessPolicies": {},
    "Type": 4,
    "URL": "** REMOVED **",
    "UserAccessPolicies": {},
    "UserTrusted": true
}

Query the Portainer instance with GET then shows EdgeCheckinInterval gets set to the default of 5:

~ $ http GET https://your-portainer/api/endpoints 'X-API-Key:YOUR_API_TOKEN'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json
Date: Mon, 27 Jun 2022 12:03:30 GMT
Expect-CT: enforce, max-age=21600
Permissions-Policy: camera=(), fullscreen=(), geolocation=(), microphone=(), payment=(), usb=()
Referrer-Policy: strict-origin
Server: nginx
Strict-Transport-Security: max-age=63072000
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff, nosniff
X-Frame-Options: SAMEORIGIN
X-Total-Available: 3
X-Total-Count: 3
X-Xss-Protection: 1; mode=block, 1; mode=block

[
    ** REMOVED **
    {
        "AuthorizedTeams": null,
        "AuthorizedUsers": null,
        "AzureCredentials": {
            "ApplicationID": "",
            "AuthenticationKey": "",
            "TenantID": ""
        },
        "ComposeSyntaxMaxVersion": "3.9",
        "EdgeCheckinInterval": 5,
        "EdgeKey": "** REMOVED **",
        "GroupId": 1,
        "Id": 41,
        "IsEdgeDevice": false,
        "Kubernetes": {
            "Configuration": {
                "IngressClasses": [],
                "RestrictDefaultNamespace": false,
                "StorageClasses": [],
                "UseLoadBalancer": false,
                "UseServerMetrics": false
            },
            "Snapshots": []
        },
        "LastCheckInDate": 0,
        "Name": "test",
        "PublicURL": "",
        "QueryDate": 1656331410,
        "SecuritySettings": {
            "allowBindMountsForRegularUsers": true,
            "allowContainerCapabilitiesForRegularUsers": true,
            "allowDeviceMappingForRegularUsers": true,
            "allowHostNamespaceForRegularUsers": true,
            "allowPrivilegedModeForRegularUsers": true,
            "allowStackManagementForRegularUsers": true,
            "allowSysctlSettingForRegularUsers": true,
            "allowVolumeBrowserForRegularUsers": false,
            "enableHostManagementFeatures": false
        },
        "Snapshots": [],
        "Status": 1,
        "TLSConfig": {
            "TLS": false,
            "TLSSkipVerify": false
        },
        "TagIds": [],
        "Tags": null,
        "TeamAccessPolicies": {},
        "Type": 4,
        "URL": "** REMOVED **",
        "UserAccessPolicies": {},
        "UserTrusted": true
    }
]

Technical details:

• Portainer version: 2.13.1 CE

[samdulam]

@The-Judge
Could you get the endpoint details just for the one endpoint in question?
http GET https://your-portainer/api/endpoints/{id}

Also, what is the interval set to in the UI please?

[The-Judge]

Hi @samdulam, thanks for your reply!

I am facing this behavior for every endpoint I am registering via the API; so, there is no such "one endpoint in question". It affects ALL.
But I will happily create a new one and share the details for that single one, only:

Creation:

$ http --form POST https://my-portainer/api/endpoints 'X-API-Key:MY-API-KEY' Name=gh7131 TLS=true TLSSkipVerify=true TLSSkipClientVerify=true 'URL=https://my-portainer' EndpointCreationType=4 EdgeCheckinInterval=10
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json
Date: Tue, 28 Jun 2022 10:22:09 GMT
Expect-CT: enforce, max-age=21600
Permissions-Policy: camera=(), fullscreen=(), geolocation=(), microphone=(), payment=(), usb=()
Referrer-Policy: strict-origin
Server: nginx
Strict-Transport-Security: max-age=63072000
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff, nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block, 1; mode=block

{
    "AuthorizedTeams": null,
    "AuthorizedUsers": null,
    "AzureCredentials": {
        "ApplicationID": "",
        "AuthenticationKey": "",
        "TenantID": ""
    },
    "ComposeSyntaxMaxVersion": "",
    "Edge": {
        "AsyncMode": false,
        "CommandInterval": 0,
        "PingInterval": 0,
        "SnapshotInterval": 0
    },
    "EdgeCheckinInterval": 0,
    "EdgeKey": "** REMOVED **",
    "GroupId": 1,
    "Id": 57,
    "IsEdgeDevice": false,
    "Kubernetes": {
        "Configuration": {
            "IngressClasses": [],
            "RestrictDefaultNamespace": false,
            "StorageClasses": [],
            "UseLoadBalancer": false,
            "UseServerMetrics": false
        },
        "Snapshots": []
    },
    "LastCheckInDate": 0,
    "Name": "gh7131",
    "PublicURL": "",
    "QueryDate": 0,
    "SecuritySettings": {
        "allowBindMountsForRegularUsers": true,
        "allowContainerCapabilitiesForRegularUsers": true,
        "allowDeviceMappingForRegularUsers": true,
        "allowHostNamespaceForRegularUsers": true,
        "allowPrivilegedModeForRegularUsers": true,
        "allowStackManagementForRegularUsers": true,
        "allowSysctlSettingForRegularUsers": true,
        "allowVolumeBrowserForRegularUsers": false,
        "enableHostManagementFeatures": false
    },
    "Snapshots": [],
    "Status": 1,
    "TLSConfig": {
        "TLS": false,
        "TLSSkipVerify": false
    },
    "TagIds": [],
    "Tags": null,
    "TeamAccessPolicies": {},
    "Type": 4,
    "URL": "my-portainer",
    "UserAccessPolicies": {},
    "UserTrusted": true
}

Getting endpoint details (ID: 57)

$ http GET https://my-portainer/api/endpoints/57 'X-API-Key:MY-API-KEY'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json
Date: Tue, 28 Jun 2022 10:25:10 GMT
Expect-CT: enforce, max-age=21600
Permissions-Policy: camera=(), fullscreen=(), geolocation=(), microphone=(), payment=(), usb=()
Referrer-Policy: strict-origin
Server: nginx
Strict-Transport-Security: max-age=63072000
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff, nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block, 1; mode=block

{
    "AuthorizedTeams": null,
    "AuthorizedUsers": null,
    "AzureCredentials": {
        "ApplicationID": "",
        "AuthenticationKey": "",
        "TenantID": ""
    },
    "ComposeSyntaxMaxVersion": "3.9",
    "Edge": {
        "AsyncMode": false,
        "CommandInterval": 0,
        "PingInterval": 0,
        "SnapshotInterval": 0
    },
    "EdgeCheckinInterval": 0,
    "EdgeKey": "** REMOVED **",
    "GroupId": 1,
    "Id": 57,
    "IsEdgeDevice": false,
    "Kubernetes": {
        "Configuration": {
            "IngressClasses": [],
            "RestrictDefaultNamespace": false,
            "StorageClasses": [],
            "UseLoadBalancer": false,
            "UseServerMetrics": false
        },
        "Snapshots": []
    },
    "LastCheckInDate": 0,
    "Name": "gh7131",
    "PublicURL": "",
    "QueryDate": 0,
    "SecuritySettings": {
        "allowBindMountsForRegularUsers": true,
        "allowContainerCapabilitiesForRegularUsers": true,
        "allowDeviceMappingForRegularUsers": true,
        "allowHostNamespaceForRegularUsers": true,
        "allowPrivilegedModeForRegularUsers": true,
        "allowStackManagementForRegularUsers": true,
        "allowSysctlSettingForRegularUsers": true,
        "allowVolumeBrowserForRegularUsers": false,
        "enableHostManagementFeatures": false
    },
    "Snapshots": [],
    "Status": 1,
    "TLSConfig": {
        "TLS": false,
        "TLSSkipVerify": false
    },
    "TagIds": [],
    "Tags": null,
    "TeamAccessPolicies": {},
    "Type": 4,
    "URL": "my-portainer",
    "UserAccessPolicies": {},
    "UserTrusted": true
}

UI Settings

I hope this is everything you need. Let me know if additional info is required.

[tamarahenson]

@The-Judge

I wanted to follow up on this request. Does this issue still occur after upgrading?

Thanks!

[The-Judge]

Hi @tamarahenson - upgrading what to what?

[tamarahenson]

@The-Judge

Upgrading to the latest version of Portainer 2.17.1. This issue was reported in an older version.

Thanks!

[The-Judge]

Hi @tamarahenson ,

just had time to check this and yes: This still happens as described with version 2.17.1.

This is how I tested:

1. Started a Docker container like this: docker volume create portainer_data && docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:2.17.1
2. Created a password for the admin user by opening https://127.0.0.1:9443 and created an API-Token.
3. Validated that the global value for EdgeCheckinInterval is set to 5 (yes, it is)
4. Registered a dummy - env with EdgeCheckinInterval set to 10: http --verify no --form POST https://10.110.0.3:9443/api/endpoints 'X-API-Key:TOKEN_FROM_STEP_2' Name=test TLS=true TLSSkipVerify=true TLSSkipClientVerify=true 'URL=https://10.110.0.3:9443' EndpointCreationType=4 EdgeCheckinInterval=10.
   Results in:

HTTP/1.1 200 OK
Content-Length: 1547
Content-Type: application/json
Date: Thu, 23 Mar 2023 11:49:11 GMT
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "Agent": {
        "Version": ""
    },
    "AuthorizedTeams": null,
    "AuthorizedUsers": null,
    "AzureCredentials": {
        "ApplicationID": "",
        "AuthenticationKey": "",
        "TenantID": ""
    },
    "ComposeSyntaxMaxVersion": "",
    "Edge": {
        "AsyncMode": false,
        "CommandInterval": 0,
        "PingInterval": 0,
        "SnapshotInterval": 0
    },
    "EdgeCheckinInterval": 0,
    "EdgeKey": "**REMOVED**",
    "Gpus": [],
    "GroupId": 1,
    "Id": 4,
    "IsEdgeDevice": false,
    "Kubernetes": {
        "Configuration": {
            "AllowNoneIngressClass": false,
            "EnableResourceOverCommit": false,
            "IngressAvailabilityPerNamespace": false,
            "IngressClasses": [],
            "ResourceOverCommitPercentage": 0,
            "RestrictDefaultNamespace": false,
            "StorageClasses": [],
            "UseLoadBalancer": false,
            "UseServerMetrics": false
        },
        "Flags": {
            "IsServerMetricsDetected": false,
            "IsServerStorageDetected": false
        },
        "Snapshots": []
    },
    "LastCheckInDate": 0,
    "Name": "test",
    "PostInitMigrations": {
        "MigrateIngresses": false
    },
    "PublicURL": "",
    "QueryDate": 0,
    "SecuritySettings": {
        "allowBindMountsForRegularUsers": true,
        "allowContainerCapabilitiesForRegularUsers": true,
        "allowDeviceMappingForRegularUsers": true,
        "allowHostNamespaceForRegularUsers": true,
        "allowPrivilegedModeForRegularUsers": true,
        "allowStackManagementForRegularUsers": true,
        "allowSysctlSettingForRegularUsers": true,
        "allowVolumeBrowserForRegularUsers": false,
        "enableHostManagementFeatures": false
    },
    "Snapshots": [],
    "Status": 1,
    "TLSConfig": {
        "TLS": false,
        "TLSSkipVerify": false
    },
    "TagIds": [],
    "Tags": null,
    "TeamAccessPolicies": {},
    "Type": 4,
    "URL": "10.110.0.3",
    "UserAccessPolicies": {},
    "UserTrusted": true
}

Note that, just like in my initial report, EdgeCheckinInterval is 0 here.
5. Getting the result for that env from the API using http --verify no GET https://10.110.0.3:9443/api/endpoints 'X-API-Key:TOKEN_FROM_STEP_2':

HTTP/1.1 200 OK
Content-Type: application/json
Date: Thu, 23 Mar 2023 11:50:27 GMT
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Total-Available: 2
X-Total-Count: 2
X-Xss-Protection: 1; mode=block

[
    ...
    {
        "Agent": {
            "Version": ""
        },
        "AuthorizedTeams": null,
        "AuthorizedUsers": null,
        "AzureCredentials": {
            "ApplicationID": "",
            "AuthenticationKey": "",
            "TenantID": ""
        },
        "ComposeSyntaxMaxVersion": "3.9",
        "Edge": {
            "AsyncMode": false,
            "CommandInterval": 0,
            "PingInterval": 0,
            "SnapshotInterval": 0
        },
        "EdgeCheckinInterval": 5,
        "EdgeKey": "**REMOVED**",
        "Gpus": [],
        "GroupId": 1,
        "Id": 4,
        "IsEdgeDevice": false,
        "Kubernetes": {
            "Configuration": {
                "AllowNoneIngressClass": false,
                "EnableResourceOverCommit": false,
                "IngressAvailabilityPerNamespace": false,
                "IngressClasses": [],
                "ResourceOverCommitPercentage": 0,
                "RestrictDefaultNamespace": false,
                "StorageClasses": [],
                "UseLoadBalancer": false,
                "UseServerMetrics": false
            },
            "Flags": {
                "IsServerMetricsDetected": false,
                "IsServerStorageDetected": false
            },
            "Snapshots": []
        },
        "LastCheckInDate": 0,
        "Name": "test",
        "PostInitMigrations": {
            "MigrateIngresses": false
        },
        "PublicURL": "",
        "QueryDate": 1679572227,
        "SecuritySettings": {
            "allowBindMountsForRegularUsers": true,
            "allowContainerCapabilitiesForRegularUsers": true,
            "allowDeviceMappingForRegularUsers": true,
            "allowHostNamespaceForRegularUsers": true,
            "allowPrivilegedModeForRegularUsers": true,
            "allowStackManagementForRegularUsers": true,
            "allowSysctlSettingForRegularUsers": true,
            "allowVolumeBrowserForRegularUsers": false,
            "enableHostManagementFeatures": false
        },
        "Snapshots": [],
        "Status": 1,
        "TLSConfig": {
            "TLS": false,
            "TLSSkipVerify": false
        },
        "TagIds": [],
        "Tags": null,
        "TeamAccessPolicies": {},
        "Type": 4,
        "URL": "10.110.0.3",
        "UserAccessPolicies": {},
        "UserTrusted": true
    }
]

I thought that it is quite easy to reproduce with the details I provided ... it is disappointing that not only this seems to not have been touched for nearly 9 months now, but since this has not even changed, it looks like you guys just want me to help in sorting your tasks, because you can't tell if this has been worked on or not.

[tamarahenson]

@The-Judge

Thank you for the additional information provided. I am going to further investigate. I will update you as I learn more.

Thanks!

[tamarahenson]

@The-Judge

I wanted to follow up on this request. While I run the following command:

vagrant@docker:~$ http --verify no --form POST https://192.168.2.12:9443/api/endpoints 'X-API-Key:ptr_0F6KaIvRtc9LgHGm5ZlAx4ghkJKc2OITcOB5nSx2Vd0=' Name=test TLS=true TLSSkipVerify=true TLSSkipClientVerify=true 'URL=https://192.168.2.12:9001' EndpointCreationType=4 EdgeCheckinInterval=20 EdgeTunnelServerAddress=192.168.2.12:8000

I am seeing the EdgeCheckinInterval=20 is set to 0:

When I run the following to trust but verify, I am seeing EdgeCheckinInterval=20 is set to 10

vagrant@docker:~$ http --verify=no --form GET https://192.168.2.12:9443/api/endpoints X-API-Key:ptr_0F6KaIvRtc9LgHGm5ZlAx4ghkJKc2OITcOB5nSx2Vd0=

I am going to forward this issue to Product for review. I will update you as I learn more.

Thanks!

[tamarahenson]

@The-Judge

Update: I am logging an internal issue to update our API documentation.

Upon further investigation, you need to use CheckinInterval=time

vagrant@docker:~$ http --verify no --form POST https://192.168.2.12:9443/api/endpoints 'X-API-Key:ptr_0F6KaIvRtc9LgHGm5ZlAx4ghkJKc2OITcOB5nSx2Vd0=' Name=test TLS=true TLSSkipVerify=true TLSSkipClientVerify=true 'URL=https://192.168.2.12:9001' EndpointCreationType=4 CheckinInterval=20 EdgeTunnelServerAddress=192.168.2.12:8000

Trust but verify:

vagrant@docker:~$ http --verify=no --form GET https://192.168.2.12:9443/api/endpoints X-API-Key:ptr_0F6KaIvRtc9LgHGm5ZlAx4ghkJKc2OITcOB5nSx2Vd0=

Thanks!

[The-Judge]

Yes, that seems like a bad doc issue, indeed. Also, quite a misleading parameter name difference there, that one needs to use a different parameter to set the whole thing than the actual parameter is. But updating the API docs is sufficient, I guess.

Thank you for your efforts!

[jamescarppe]

Internal Ref: PCT-194

[jamescarppe]

To wrap this one up, in the current release (2.19.1) both EdgeCheckinInterval and CheckinInterval are valid parameters for the endpoint, and do the same thing. We document EdgeCheckinInterval as it is the parameter to use going forward, and CheckinInterval has been deprecated and will be removed in a later version.