我正在尝试使用 REST API 与 F5 负载均衡器进行交互。我已验证 iControl 已启用,但当我尝试运行命令时,系统提示我未获得授权。
curl -k -u someone -H "Content-Type: application/json" -X GET https://f5.example.com/mgmt/
Enter host password for user 'someone':
{"code":404,"message":"http://localhost:8100/mgmt/","restOperationId":202459,"errorStack":["com.f5.rest.common.RestWorkerUriNotFoundException: http://localhost:8100/mgmt/","at com.f5.rest.common.RestServer.trySendInProcess(RestServer.java:231)","at com.f5.rest.common.RestRequestReceiver.dispatchToService(RestRequestReceiver.java:93)","at com.f5.rest.common.RestRequestReceiver.processNext(RestRequestReceiver.java:57)","at com.f5.rest.common.RestHelper$2.run(RestHelper.java:1910)","at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)","at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)","at java.lang.Thread.run(Thread.java:722)\n"]}
我的用户已通过 Active Directory 进行身份验证。
我是否需要明确授予用户使用 REST API 的权限?
我需要有一个本地帐户吗?
更新
这是另一个例子
用户“某人”确实存在,因为这是我登录网络门户的方式。
curl -k -u someone -H "Content-Type: application/json" -X GET https://f5.example.com/mgmt/tm/sys
Enter host password for user 'someone':
{"code":401,"message":"Authorization failed: no user named someone found. Uri:http://localhost:8100/mgmt/tm/sys Referer:null","restOperationId":869853,"errorStack":["java.lang.SecurityException: Authorization failed: no user named someone found. Uri:http://localhost:8100/mgmt/tm/sys Referer:null","at com.f5.rest.workers.ForwarderWorker.evaluatePermission(ForwarderWorker.java:411)","at com.f5.rest.workers.ForwarderPassThroughWorker.onForward(ForwarderPassThroughWorker.java:191)","at com.f5.rest.workers.ForwarderPassThroughWorker.onGet(ForwarderPassThroughWorker.java:321)","at com.f5.rest.common.RestWorker.callDerivedRestMethod(RestWorker.java:735)","at com.f5.rest.common.RestWorker.callRestMethodHandler(RestWorker.java:702)","at com.f5.rest.common.RestServer.processQueuedRequests(RestServer.java:1092)","at com.f5.rest.common.RestServer.access$000(RestServer.java:45)","at com.f5.rest.common.RestServer$1.run(RestServer.java:136)","at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)","at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)","at java.lang.Thread.run(Thread.java:722)\n"]}
答案1
其余接口不使用您配置的常规 F5 方法进行身份验证。如果要这样做,您必须创建一个虚拟服务器,将 F5 作为池成员,然后修改一些规则以删除其余用户,并将其传递给您的身份验证... 稍后会有很多代码... 成功。
Rest 使用 f5 上其进程的本地用户和角色。您通过 tmos 创建用户,然后通过 PATCH 将其关联到 iControl_REST_API_User 角色。
答案2
有关 iControl REST 远程身份验证支持,请参阅F5 DevCentral 上的这篇文章。