我正在嘗試使用 REST api 與 F5 負載平衡器進行互動。我已驗證 iControl 已啟用,但是當我嘗試執行命令時,我被告知我未經授權。
curl -k -u someone -H "Content-Type: application/json" -X GET https://f5.example.com/mgmt/
Enter host password for user 'someone':
{"code":404,"message":"http://localhost:8100/mgmt/","restOperationId":202459,"errorStack":["com.f5.rest.common.RestWorkerUriNotFoundException: http://localhost:8100/mgmt/","at com.f5.rest.common.RestServer.trySendInProcess(RestServer.java:231)","at com.f5.rest.common.RestRequestReceiver.dispatchToService(RestRequestReceiver.java:93)","at com.f5.rest.common.RestRequestReceiver.processNext(RestRequestReceiver.java:57)","at com.f5.rest.common.RestHelper$2.run(RestHelper.java:1910)","at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)","at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)","at java.lang.Thread.run(Thread.java:722)\n"]}
我的用戶已根據 Active Directory 進行身份驗證。
我是否需要明確授予使用者存取權限才能使用 REST api?
我需要有本機帳號嗎?
更新
這是另一個例子
使用者「某人」實際上確實存在,因為這是我登入入口網站的方式。
curl -k -u someone -H "Content-Type: application/json" -X GET https://f5.example.com/mgmt/tm/sys
Enter host password for user 'someone':
{"code":401,"message":"Authorization failed: no user named someone found. Uri:http://localhost:8100/mgmt/tm/sys Referer:null","restOperationId":869853,"errorStack":["java.lang.SecurityException: Authorization failed: no user named someone found. Uri:http://localhost:8100/mgmt/tm/sys Referer:null","at com.f5.rest.workers.ForwarderWorker.evaluatePermission(ForwarderWorker.java:411)","at com.f5.rest.workers.ForwarderPassThroughWorker.onForward(ForwarderPassThroughWorker.java:191)","at com.f5.rest.workers.ForwarderPassThroughWorker.onGet(ForwarderPassThroughWorker.java:321)","at com.f5.rest.common.RestWorker.callDerivedRestMethod(RestWorker.java:735)","at com.f5.rest.common.RestWorker.callRestMethodHandler(RestWorker.java:702)","at com.f5.rest.common.RestServer.processQueuedRequests(RestServer.java:1092)","at com.f5.rest.common.RestServer.access$000(RestServer.java:45)","at com.f5.rest.common.RestServer$1.run(RestServer.java:136)","at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)","at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)","at java.lang.Thread.run(Thread.java:722)\n"]}
答案1
其餘介面不使用您設定的正常 F5 方法進行身份驗證。如果您想這樣做,您必須建立一個以 F5 作為池成員的虛擬伺服器,然後修改一些規則以剔除其餘用戶,將其傳遞給您的身份驗證...稍後編寫大量程式碼...成功。
Rest 使用 f5 上其進程的本機使用者和角色。您透過 tmos 建立用戶,然後透過 PATCH 將其關聯到 iControl_REST_API_User 角色。
答案2
有關 iControl REST 遠端身份驗證支持,請參閱這篇關於 F5 的 DevCentral 的文章。