Skip to content

[Bug]: Claim token regeneration doesn't seem to invalidate previous claim tokens #1110

New issue
New issue
Closed
Closed
[Bug]: Claim token regeneration doesn't seem to invalidate previous claim tokens#1110
Labels
bugSomething isn't workingneeds triage
@deansheather

Description

@deansheather
deansheather
opened on Oct 16, 2025

Bug description

I'm trying to regenerate our claim token, but even after regenerating it I can still claim a new node using the old token.

I'm unsure if this is a widespread bug or some consistency issue in the netdata cloud database since we have a very old account.

Expected behavior

After regenerating the token I would expect previous claim tokens to no longer work. The API that regenerates tokens should take extra care to ensure NO other active claim tokens exist in the space.

Steps to reproduce

  1. Stop netdata on the server
  2. Delete all netdata-related data and cache on the server (/var/lib/netdata, /var/cache/netdata)
  3. Delete the offline node from netdata cloud
  4. Regenerate the token by clicking Space settings > Rooms > Settings > Nodes > Add nodes > Settings > Regenerate token (see screenshot)
  5. Check that the claim token in the Add nodes window clearly does not match the old token
  6. Reload the window to ensure that the Add nodes window still shows the same newly generated token and does not match the old token
  7. Run the existing claim script with the old token in NETDATA_CLAIM_TOKEN
  8. Netdata starts successfully and the node reappears on netdata cloud

For testing, I also tried on a fresh cloud server with an identical script (and old token) and the latest version of netdata/netdata and it was still able to register.

This is the (albeit super old) script that we were using on the server I'm trying to decommission:

docker run -d --name=netdata \
  -p 127.0.0.1:19999:19999 \
  -v netdatalib:/var/lib/netdata \
  -v netdatacache:/var/cache/netdata \
  -v /etc/passwd:/host/etc/passwd:ro \
  -v /etc/group:/host/etc/group:ro \
  -v /proc:/host/proc:ro \
  -v /sys:/host/sys:ro \
  -v /etc/hostname:/etc/hostname:ro \
  -v /etc/os-release:/host/etc/os-release:ro \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e NETDATA_CLAIM_TOKEN="H8uQmL... (the old token)" \
  -e NETDATA_CLAIM_URL="https://app.netdata.cloud" \
  -e NETDATA_CLAIM_ROOMS="redacted" \
  --restart unless-stopped \
  --cap-add SYS_PTRACE \
  --security-opt apparmor=unconfined \
  --hostname testing-dean.coder.com \
  netdata/netdata

Screenshots

Image

New node claiming successfully with old token:

Image

Error Logs

n/a

Desktop

n/a

Additional context

Space ID: 2e496afd-456a-45d7-b035-43190c65af60
The old claim token that still works starts with H8uQmL

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingneeds triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions