For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JD1's avatar
JD1
Icon for Altostratus rankAltostratus
Jun 10, 2015

iControl - PHP - Errors, only on Linux.

Hi All,

I'm pulling some hair out here trying to use PHP's built-in soapclient against F5 iControl, but it only appears to be when the script is run on it's destined Linux system. Works fine on my dev box which is Windows 7 SP1 (using XAMPP).

The error I get is:

SOAP-ERROR: Parsing WSDL: Couldn't load from 'https:///iControl/iControlPortal.cgi?WSDL=System.SystemInfo' : failed to load external entity "https:///iControl/iControlPortal.cgi?WSDL=System.SystemInfo"

My Script looks like the following, which seems to be standard:

$username = "";
$password = "";
$host = "";
$location = "https://$host/iControl/iControlPortal.cgi";
$client = new SoapClient(sprintf("%s?WSDL=%s", $location, "System.SystemInfo"),array('location'=>$location,'login'=>$username,'password'=>$password));
$systemInformation = $client->get_system_information();
$productInformation = $client->get_product_information();

I have suspected originally it was something to do with SSL verifying peers, allowing self certified certs and so forth, but no amount of stream_contexts makes a difference.

Distributions I've tried running this on Arch, Centos and Ubuntu.

I appreciate this may not be specifically an F5 iControl issue, but I would expect I'm not the only one to run into this issue... Surely?

I can't use iControlREST at this time (I'd love to!) as I still have some pre-11.5.0 BIG-IPs on my estate

Any advice would be greatly received!

Thanks,

JD.

devops
iControl
management
php

1 Reply

  • Joe_Pruitt's avatar
    Joe_Pruitt
    Jun 12, 2015

    I'm assuming you aren't actually passing through "" as the error indicates and that "" is actually the address of your bigip management interface. If you are passing through a correct hostname and user/pass, then it's most likely due to BIG-IP's self-signed certs. Other tool kits allow you to bypass hostname verification. I found this link that may be helpful to you:

    http://stackoverflow.com/questions/8443618/disable-certificate-verification-in-php-soapclient

    It shows doing something like this:

    $context = stream_context_create(array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
));

$client  = new SoapClient(null, array( 
    'location' => 'https://...',
    'uri' => '...', 
    'stream_context' => $context
));

    Hope this helps...

    -Joe