解决了

未经授权用于Nutanix REST API。检查用户名和密码

  • 2019年8月1日
  • 6个答复
  • 2888次观点
t
徽章 +2
我正在尝试将Zenoss连接到Nutanix Prism群集,并为监视人员提供了一个用户名和PW以及群集IP。他们正在遇到错误的错误,错误是在此帖子的标题中。检查用户名和密码

因此,我向监视人员提供了Nutanix帐户和PW,但它仍然出现相同的错误。

请指教。我必须在这里缺少一些东西。
图标

最好的答案Thegman2019年8月8日,20:22

查看原件
    \n
    \nSo I then provided the monitoring guys the nutanix account and pw and it still spits out the same error.
    \n
    \nPlease advise. I have to be missing something here.","quoteUsername":"theGman","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

    6个答复

    b
    UserLevel 2
    徽章 +1
    不确定这是否会有所帮助,但是我正在使用API​​呼叫完成PowerShell脚本,因为不存在必要的PowerShell CMDLET。这是对我有用的代码段:

    代码: 
    $ header = @{“授权” =“ basic”+[system.convert] :: tobase64string([System.text.Encoding] :: utf8.getBytes($ username+“:”+$ password)}}}}

    foreach($集群中的$ cluster){
    Connect -NutanixCluster -Server $ cluster -username $ username -password $ secpassword -Acceptinvalidsslcerts -forceedConnection |淘汰
    $ pdlist = get-ntnxprotectiondomain |其中{$_。活动-eq $ true}

    foreach($ pd in $ pdlist){
    $ url =“ https://”+$ cluster+“:9440/prismgateway/services/rest/v1/v1/procection_domains/”+$ pd.name+“/stargeules”
    尝试{$ output = Invoke -restmethod -method get -uri $ url -headers $ header -useBasicParsing} catch {$ output =''}


    他们将CMDLET授予Securestring对象,但其余标头中的密码是纯文本。

    我怀疑标题信息或URL可能会有一个线索。我花了一段时间才找到URL的“ Prismgateway/Services/REST/V1”一部分。

    仅供参考,我从中获得了代码http://myvirtualcloud.net/how-to-powershell-connection-nutanix-nutanix-and-ectecute-your-1st-query/
    \n
    \n
    code:<\/b>
    $Header = @{\"Authorization\" = \"Basic \"+[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($username+\":\"+$password ))}

    foreach ($Cluster in $Clusters) {
      Connect-NutanixCluster -Server $cluster -UserName $username -Password $secpassword -AcceptInvalidSSLCerts -ForcedConnection | Out-Null
      $pdlist = Get-NTNXProtectionDomain | Where {$_.Active -eq $true} 

      foreach ($pd in $pdlist) {
        $URL = \"https:\/\/\"+$Cluster+\":9440\/PrismGateway\/services\/rest\/v1\/protection_domains\/\"+$pd.name+\"\/schedules\"
        try { $output = Invoke-RestMethod -Method Get -Uri $URL -Headers $Header -UseBasicParsing } catch { $output = '' }
    <\/pre><\/div>
    \n
    \nThey secpassword to the cmdlet is a securestring object, but the password in the REST header is plaintext.
    \n
    \nI suspect there might ber a clue in the header info, or perhaps the URL.  It took me a while to find the \"PrismGateway\/services\/rest\/v1\" part of the URL.
    \n
    \nFYI, I got code from http:\/\/myvirtualcloud.net\/how-to-establish-powershell-connection-to-nutanix-and-execute-your-1st-query\/<\/a>","quoteUsername":"bbeavis","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    t
    徽章 +2
    谢谢,我没有试图编写任何编码,我正在尝试连接开箱即用的第三方工具,以与Nutanix合作监视Nutanix基础架构。错误消息会相信这是一个权利问题,我尝试了我创建的新本地帐户以及Nutanix帐户,这两个帐户都可以允许我连接到Prism。

    Zenoss的Nutanix Zenpack的文档简单地说明了用户名,PW和IP进行连接..以及有关揭露V1和V2 API的一些信息...到目前为止,我对此产品的经验还不是理想的,我正在尝试尝试保持积极..
    \n
    \nThe documentation for the Nutanix Zenpack for Zenoss simply states enter the username, pw and IP to connect.. and also something about exposing v1 and v2 APis... so far my experiences with this product are less than desirable and I'm trying to remain positive..","quoteUsername":"theGman","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    b
    UserLevel 2
    徽章 +1
    我为此使用的帐户和我们的Nagios检查是本地Prism元素帐户。我不知道Prism Central帐户是否有效。另外,我认为本地帐户需要成为观众角色。

    另请注意,我还通过SNMP进行Nagios检查。是否使用SNMP的监视工具?这是SNMP设置中的一个单独的用户帐户(有一个用户选项卡)。我认为SNMP V3是需要用户/通行证,V1和V2使用社区字符串的v3。我的配置有一个用户名,一个authkey和privkey,因此我正在使用V3。我认为该命令还需要安全类型(AES,SHA等)https://portal.nutanix.com/#/page/kbs/details?targetId=ka0600000008baecay
    \n
    \nAlso note, I also do Nagios checks via SNMP. Is the monitoring tool using SNMP? That is a separate user account in the SNMP settings (there is a user tab). I think SNMP v3 is the one that needs user\/pass, v1 and v2 use community strings. My config has a username, an authkey and a privkey, so I am using v3. I think the command also require the security type (AES, SHA, etc.) https:\/\/portal.nutanix.com\/#\/page\/kbs\/details?targetId=kA0600000008bAECAY<\/a>","quoteUsername":"bbeavis","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    t
    徽章 +2
    嗨,BBEAVIS-为此,我想知道这一点,但是现实是Nutanix的Zenoss Zenpack并未对设备进行轮询,它正在连接到API,这就是为什么错误弹出有关未获得API授权的错误的原因。

    一件事让我感到震惊,将Zenoss连接到Nutanix的第一个说明是“您必须揭露V1和V2 API”。.我在Nutanix文档中没有看到任何指向任何需要进行任何配置的内容“揭露API”

    我尝试了我创建的本地帐户和Nutanix帐户,但两个帐户都带回了相同的错误。

    我现在开始相信这是其他误解的其他沟通错误。但是,没有防火墙阻止设备之间的流量。我们能够与Prism Central建立成功的联系,但我们还没有准备好与Prist En一起生活,因此我们首先与Prism E连接。此外,连接到集群IP提供了Prism Central不提供的冗余,因此我更喜欢使用棱镜E作为监视我们的Nutanix群集的连接点,并将Prism保持中心以进行其他MGMT使用。

    HTTP代理和白名单怎么样?我们在Prism中配置了代理,我是否需要在列出查询系统的Zenoss收集器的IPS时?我还没有尝试过,直到群集健康,也无法做到这一点,显然,工程师正在进行一个支持调用,所以我还不能测试任何东西。
    \n
    \nOne thing strikes me, the very first bit of instructions for connecting Zenoss to Nutanix is \"you must expose the v1 and v2 APIs\" .. I don't see anything in Nutanix documentation that points to any configurations that would need to be made to \"expose the APIs\"
    \n
    \nAnd I have tried both local account I created and the nutanix account, but both accounts bring the same error back.
    \n
    \nI am now beginning to believe this is some other communication error that is being mis-interpreted. However, there is no firewall blocking the traffic between the devices. We were able to make a sucessful connection to Prism Central but we aren't ready to go live with it yet so we are first connecting to Prism E. Also, connecting to the cluster IP provides redundancy that Prism Central doesn't offer, so I prefer to use Prism E as the connection point to monitor our nutanix clusters and keep prism central for other mgmt usage.
    \n
    \nHow about the http proxy and whitelist? we have the proxy configured in prism, do I need to while list the IPs of the Zenoss collectors that query the system? I haven't tried this yet and won't be able to until the cluster is healthy, apparently there is a support call in progress by a fellow engineer so I can't test anything yet.","quoteUsername":"theGman","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    b
    UserLevel 2
    徽章 +1
    不幸的是,我不使用代理。在暴露API方面,我没有做任何特别的事情。看来V1-V3在我的系统上开放,但我认为每个版本的API URL不同。

    代码: 
    /Prismgateway/Services/REST/V1/
    /prismgateway/services/rest/v2.0/
    /api/nutanix/v3/


    您可能会遇到身份验证错误,但这将表明PE正在侦听API URL。

    因此,尝试从浏览器中尝试
    代码: 
    https://:9440/prismgateway/services/rest/v1/vms
    https://:9440/prismgateway/services/rest/v2.0/vms
    https://:9440/api/nutanix/v3/vms


    如果您遇到404或500的错误,那么应该更深入研究(我想)。理想情况下,如果您可以从监视系统(WGET或Curl If Linux)执行此操作,那么这可能有助于确定位置的位置。如果您想要成功的结果,则需要像代码示例中的用户/传递请求的标题。
    \n
    \n
    code:<\/b>
    \/PrismGateway\/services\/rest\/v1\/
    \/PrismGateway\/services\/rest\/v2.0\/
    \/api\/nutanix\/v3\/
    <\/pre><\/div>
    \n
    \nYou will probably get an authentication error, but that will show the PE is listening on the api urls.
    \n
    \nso try from a browser,
    \n
    code:<\/b>
    https:\/\/:9440\/PrismGateway\/services\/rest\/v1\/vms
    https:\/\/:9440\/PrismGateway\/services\/rest\/v2.0\/vms
    https:\/\/:9440\/api\/nutanix\/v3\/vms
    <\/pre><\/div>
    \n
    \nIf you get a 404 or 500 error, then something deeper should be looked into (I would think).  Ideally, if you can do this from the monitoring system (wget or curl if linux) then that might help pinpoint where to look.  If you want a successful result, you need to inject user\/pass in the header of the request, like in the code example.","quoteUsername":"bbeavis","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    t
    徽章 +2
    根据最近的建议,我通过升级到较新版本来解决此问题。我现在为5.10.6。我不认为新版本包含一个分辨率的错误,发行说明没有任何问题,所以我认为我们在AOS中遇到了其他一些问题,这些问题只是在此之后简单地恢复正常升级。

    回复


    Baidu