Re-register a host (recover from a 401 / revoked key)
If a host's API key is revoked or otherwise rejected, the backend returns
HTTP 401. The agent treats this as a serious event: it halts data
forwarding and logs an explicit action. It does not auto-delete its
credentials. That is a deliberate safety choice so a transient 401 can't
accidentally de-register a host.
How you know
In journalctl -u atherops-otel-agent:
level=error msg="authentication failed (401) — key may be revoked" action="halting; delete /etc/atherops/credentials.json to re-register"
On the Hosts page the host stops updating and goes offline after it misses heartbeats.
Recovery steps
-
Delete the stale credentials on the host:
sudo rm /etc/atherops/credentials.json -
Generate a new install token in the AtherOps web app: Settings → Hosts → Install Token.
-
Re-run the installer with the new token:
curl -sSL https://releases.atherops.com/otel-agent/install.sh | sudo INSTALL_TOKEN=<token> bashThe installer registers the host again, writes a fresh
/etc/atherops/credentials.json(mode0600), and restarts the service. -
Verify the host is back:
systemctl status atherops-otel-agentjournalctl -u atherops-otel-agent -fLook for
registration completeand the host returning to online on the Hosts page.
A revoked key usually means the host should stop sending data until an operator intervenes. Auto-deleting credentials and silently re-registering could mask a real security event. The agent makes the recovery explicit and one command away.