解决了

未经授权用于Nutanix REST API。检查用户名和密码

t
Userlevel 1
徽章 +2
我正在尝试将Zenoss连接到Nutanix Prism群集,并为监视人员提供了一个用户名和PW以及群集IP。他们正在尝试连接错误,错误是在此帖子的标题中。检查用户名和密码

因此,我向监视人员提供了Nutanix帐户和PW,但它仍然出现相同的错误。

请指教。我必须在这里缺少一些东西。
图标

最好的答案Thegman2019年8月8日,20:22

查看原件
    \n
    \nSo I then provided the monitoring guys the nutanix account and pw and it still spits out the same error.
    \n
    \nPlease advise. I have to be missing something here.","quoteUsername":"theGman","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    该主题已关闭以供评论

    6个答复

    b
    UserLevel 2
    徽章 +1
    不确定这是否会有所帮助,但是我正在使用API​​呼叫完成PowerShell脚本,因为不存在必要的PowerShell cmdlet。这是对我有用的代码段:

    代码: 
    $ header = @{“授权” =“ basic”+[system.convert] :: tobase64String([System.text.Encoding] :: utf8.getBytes($ username+“:”+$ password)}}}

    foreach($集群中的$ cluster){
    Connect -NutanixCluster -Server $ cluster -username $ username -password $ secpassword -Acceptinvalidsslcerts -forcedConnection |淘汰
    $ pdlist = get-ntnxprotectiondomain |其中{$_。活动-eq $ true}

    foreach($ pd in $ pdlist){
    $ url =“ https://”+$ cluster+“:9440/prismgateway/services/rest/v1/v1/procection_domains/”+$ pd.name+“/schedule+”
    尝试{$ output = Invoke -restmethod -method get -uri $ url -headers $ header -useBasicParsing} catch {$ output =''}


    他们将cmdlet sectword是一个证券对象,但其余标题中的密码是明文的。

    我怀疑标题信息或URL可能会有一个线索。我花了一段时间才找到URL的“ Prismgateway/Services/REST/V1”部分。

    仅供参考,我从中获得了代码http://myvirtualcloud.net/how-to-to-powershell-connection-nutanix-nutanix-and-cute-your-1st-query/
    \n
    \n
    code:<\/b>
    $Header = @{\"Authorization\" = \"Basic \"+[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($username+\":\"+$password ))}

    foreach ($Cluster in $Clusters) {
      Connect-NutanixCluster -Server $cluster -UserName $username -Password $secpassword -AcceptInvalidSSLCerts -ForcedConnection | Out-Null
      $pdlist = Get-NTNXProtectionDomain | Where {$_.Active -eq $true} 

      foreach ($pd in $pdlist) {
        $URL = \"https:\/\/\"+$Cluster+\":9440\/PrismGateway\/services\/rest\/v1\/protection_domains\/\"+$pd.name+\"\/schedules\"
        try { $output = Invoke-RestMethod -Method Get -Uri $URL -Headers $Header -UseBasicParsing } catch { $output = '' }
    <\/pre><\/div>
    \n
    \nThey secpassword to the cmdlet is a securestring object, but the password in the REST header is plaintext.
    \n
    \nI suspect there might ber a clue in the header info, or perhaps the URL.  It took me a while to find the \"PrismGateway\/services\/rest\/v1\" part of the URL.
    \n
    \nFYI, I got code from http:\/\/myvirtualcloud.net\/how-to-establish-powershell-connection-to-nutanix-and-execute-your-1st-query\/<\/a>","quoteUsername":"bbeavis","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    t
    Userlevel 1
    徽章 +2
    谢谢,我没有试图编码任何内容,我正在尝试连接开箱即用的第三方工具,以与Nutanix合作监视Nutanix基础架构。错误消息将有一个人认为这是一个权利问题,我尝试了我创建的新本地帐户以及Nutanix帐户,这两个帐户都可以允许我连接到Prism。

    Zenoss的Nutanix Zenpack的文档简单地指出,输入用户名,PW和IP进行连接..以及有关暴露V1和V2 API的一些信息...到目前为止,我对此产品的经验不足以理解,我正在尝试尝试保持积极..
    \n
    \nThe documentation for the Nutanix Zenpack for Zenoss simply states enter the username, pw and IP to connect.. and also something about exposing v1 and v2 APis... so far my experiences with this product are less than desirable and I'm trying to remain positive..","quoteUsername":"theGman","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    b
    UserLevel 2
    徽章 +1
    我为此使用的帐户和我们的Nagios检查是本地Prism元素帐户。我不知道Prism Central帐户是否有效。另外,我认为本地帐户必须是观众角色。

    另请注意,我还通过SNMP进行Nagios检查。是使用SNMP的监视工具吗?这是SNMP设置中的一个单独的用户帐户(有一个用户选项卡)。我认为SNMP V3是需要用户/通行证,V1和V2使用社区字符串的v3。我的配置有一个用户名,一个authkey和privkey,因此我正在使用V3。我认为该命令还需要安全类型(AES,SHA等)https://portal.nutanix.com/#/page/kbs/details?targetId=ka0600000008baecay
    \n
    \nAlso note, I also do Nagios checks via SNMP. Is the monitoring tool using SNMP? That is a separate user account in the SNMP settings (there is a user tab). I think SNMP v3 is the one that needs user\/pass, v1 and v2 use community strings. My config has a username, an authkey and a privkey, so I am using v3. I think the command also require the security type (AES, SHA, etc.) https:\/\/portal.nutanix.com\/#\/page\/kbs\/details?targetId=kA0600000008bAECAY<\/a>","quoteUsername":"bbeavis","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    t
    Userlevel 1
    徽章 +2
    嗨,BBEAVIS-为此,我想知道这一点,但是现实是Nutanix的Zenoss Zenpack并未对设备进行轮询,它正在连接到API,这就是为什么错误弹出有关未获得API的错误的原因。

    一件事让我感到震惊,将Zenoss连接到Nutanix的第一个说明是“您必须揭露V1和V2 API”。.我在Nutanix文档中看不到任何内容都指向任何需要进行的配置“暴露API”

    我已经尝试了我创建的本地帐户和Nutanix帐户,但是两个帐户都带回了相同的错误。

    我现在开始相信这是其他沟通错误,这些错误正在误解。但是,没有防火墙阻止设备之间的流量。我们能够与Prism Central建立成功的联系,但我们还没有准备好与之生活,因此我们首先与Prism E连接。此外,连接到集群IP提供了Prism Central不提供的冗余,因此我更喜欢将棱镜E作为监视我们的Nutanix群集的连接点,并将Prism保持中心以进行其他MGMT使用。

    HTTP代理和白名单怎么样?我们在Prism中配置了代理,我需要在列出查询系统的Zenoss收集器的IPS时吗?我还没有尝试过,直到群集健康,也无法做到,显然还有一个工程师正在进行的支持电话,所以我还不能测试任何东西。
    \n
    \nOne thing strikes me, the very first bit of instructions for connecting Zenoss to Nutanix is \"you must expose the v1 and v2 APIs\" .. I don't see anything in Nutanix documentation that points to any configurations that would need to be made to \"expose the APIs\"
    \n
    \nAnd I have tried both local account I created and the nutanix account, but both accounts bring the same error back.
    \n
    \nI am now beginning to believe this is some other communication error that is being mis-interpreted. However, there is no firewall blocking the traffic between the devices. We were able to make a sucessful connection to Prism Central but we aren't ready to go live with it yet so we are first connecting to Prism E. Also, connecting to the cluster IP provides redundancy that Prism Central doesn't offer, so I prefer to use Prism E as the connection point to monitor our nutanix clusters and keep prism central for other mgmt usage.
    \n
    \nHow about the http proxy and whitelist? we have the proxy configured in prism, do I need to while list the IPs of the Zenoss collectors that query the system? I haven't tried this yet and won't be able to until the cluster is healthy, apparently there is a support call in progress by a fellow engineer so I can't test anything yet.","quoteUsername":"theGman","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    b
    UserLevel 2
    徽章 +1
    不幸的是,我不使用代理。在暴露API方面,我没有做任何特别的事情。看来V1-V3在我的系统上开放,但我认为每个版本的API URL不同。

    代码: 
    /Prismgateway/Services/REST/V1/
    /prismgateway/services/rest/v2.0/
    /api/nutanix/v3/


    您可能会遇到身份验证错误,但这将表明PE正在侦听API URL。

    因此,尝试从浏览器中尝试
    代码: 
    https://:9440/prismgateway/services/rest/v1/vms
    https://:9440/prismgateway/services/rest/v2.0/vms
    https://:9440/api/nutanix/v3/vms


    如果您遇到404或500错误,那么应该研究更深入的事情(我想)。理想情况下,如果您可以通过监视系统(WGET或Curl If Linux)执行此操作,那么这可能有助于查明位置。如果您想要成功的结果,则需要像代码示例中的用户/传递请求的标题。
    \n
    \n
    code:<\/b>
    \/PrismGateway\/services\/rest\/v1\/
    \/PrismGateway\/services\/rest\/v2.0\/
    \/api\/nutanix\/v3\/
    <\/pre><\/div>
    \n
    \nYou will probably get an authentication error, but that will show the PE is listening on the api urls.
    \n
    \nso try from a browser,
    \n
    code:<\/b>
    https:\/\/:9440\/PrismGateway\/services\/rest\/v1\/vms
    https:\/\/:9440\/PrismGateway\/services\/rest\/v2.0\/vms
    https:\/\/:9440\/api\/nutanix\/v3\/vms
    <\/pre><\/div>
    \n
    \nIf you get a 404 or 500 error, then something deeper should be looked into (I would think).  Ideally, if you can do this from the monitoring system (wget or curl if linux) then that might help pinpoint where to look.  If you want a successful result, you need to inject user\/pass in the header of the request, like in the code example.","quoteUsername":"bbeavis","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    t
    Userlevel 1
    徽章 +2
    根据最近的建议,我通过升级到较新版本来解决此问题。我现在为5.10.6。我不认为新版本包含一个分辨率的错误,发行说明没有任何问题,所以我认为我们在AOS中遇到了其他一些问题,这些问题只是在此之后恢复正常升级。
    Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
    Functional","cookiepolicy.modal.level2":"Normal
    Functional + analytics","cookiepolicy.modal.level3":"Complete
    Functional + analytics + social media + embedded videos"}}}">
    Baidu