Forum Discussion
NimbostratusiControl 500 Can't connect
I am new to iControl so I figured I would download the windows iControl SDK version 11.1 and try to use the SystemServices.pl perl file to connect to our internal F5. I am running Strawberry Perl on a Win 7 64bit machine. When I run the following command: "install dir"\perl5.16.3 SystemServices.pl "host IP address" "host port" "Uid" "Pwd". I get the following error: 500 Can't connect to "host IP address":"host port" at SystemServices.pl line 82
Below is the script that I am running from the SDK, and Line 82 is the following line: $soapResponse = $soap->get_all_service_statuses();
Wondering if anyone can help with the error I am seeing! Also if I use a Web browser I can get to the following url with no issues: https://"host IP address":"host port"/iControl/iControlPortal.cgi?WSDL=System.Services
!/usr/bin/perl
----------------------------------------------------------------------------
The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5
Software Development Kit for iControl"; you may not use this file except in
compliance with the License. The License is included in the iControl
Software Development Kit.
Software distributed under the License is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
the License for the specific language governing rights and limitations
under the License.
The Original Code is iControl Code and related documentation
distributed by F5.
The Initial Developer of the Original Code is F5 Networks,
Inc. Seattle, WA, USA. Portions created by F5 are Copyright (C) 1996-2004 F5 Networks,
Inc. All Rights Reserved. iControl (TM) is a registered trademark of F5 Networks, Inc.
Alternatively, the contents of this file may be used under the terms
of the GNU General Public License (the "GPL"), in which case the
provisions of GPL are applicable instead of those above. If you wish
to allow use of your version of this file only under the terms of the
GPL and not to allow others to use your version of this file under the
License, indicate your decision by deleting the provisions above and
replace them with the notice and other provisions required by the GPL.
If you do not delete the provisions above, a recipient may use your
version of this file under either the License or the GPL.
----------------------------------------------------------------------------
use SOAP::Lite + trace => qw(method debug);
use SOAP::Lite;
use MIME::Base64;
BEGIN { push (@INC, ".."); }
use iControlTypeCast;
----------------------------------------------------------------------------
Validate Arguments
----------------------------------------------------------------------------
my $sHost = $ARGV[0];
my $sPort = $ARGV[1];
my $sUID = $ARGV[2];
my $sPWD = $ARGV[3];
my $sProtocol = "https";
if ( ("80" eq $sPort) or ("8080" eq $sPort) )
{
$sProtocol = "http";
}
if ( ($sHost eq "") or ($sPort eq "") or ($sUID eq "") or ($sPWD eq "") )
{
die ("Usage: SystemServices.pl host port uid pwd\n");
}
----------------------------------------------------------------------------
Transport Information
----------------------------------------------------------------------------
sub SOAP::Transport::HTTPS::Client::get_basic_credentials
{
return "$sUID" => "$sPWD";
}
$soap = SOAP::Lite
-> uri('urn:iControl:System/Services')
-> proxy("$sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi");
eval { $soap->transport->https_request->header
(
'Authorization' =>
'Basic ' . MIME::Base64::encode("$sUID:$sPWD", '')
); };
&getServiceStatuses();
sub getServiceStatuses
{
print "==========================================================\n";
print "System Services\n";
print "------------------\n";
$soapResponse = $soap->get_all_service_statuses();
if ( $soapResponse->fault )
{
my $faultcode = $soapResponse->faultcode;
my $faultstring = $soapResponse->faultstring;
$sshd_status = "FAULT : $faultcode : $faultstring";
}
else
{
my @ServiceStatusSeq = @{$soapResponse->result};
foreach my $ServiceStatus (@ServiceStatusSeq)
{
$service = $ServiceStatus->{"service"};
$status = $ServiceStatus->{"status"};
print "$service : $status\n";
}
}
}13 Replies
Silly question, but what port are you specifying to the script? It should be 443 for it to work. I put the option for port 80 in the samples for debugging purposes for those that were willing to disable SSL and enable straight HTTP on the admin GUI for diagnostic purposes (NOT RECOMMENDED).
The default is 443 over HTTPS and that's what we recommend you use.
If you are getting a "cannot connect" error and you are using port 443, try opening a browser and try opening https://host_ip_address and see if that works. If you can get to the host_ip_address with a browser, you should be able to with the SOAP::Lite library.
If all of that looks right, make sure you have the Crypt::SSLeay module installed in your perl distribution.
-Joe
Nick_125581Joe, Thanks for the reply. I am using port 443 and I can get to the following URL with no problems https://"host IP address":443/iControl/iControlPortal.cgi?WSDL=System.Services. Also I did install the Crypt::SSLeay module as documented here http://search.cpan.org/dist/Crypt-SSLeay/SSLeay.pmCrypt::SSLeay. Is there anything else I can check to see if I have configured things correctly? Is there another script I can run to help debug?
Nick
Michael_YatesIf there is any question about the readiness of the device you can always verify your BIG-IP by downloading and connecting to it with the iRule Editor since it uses iControl as well.
I'm not much use with Perl, but the process of elimination might help.
- Nick_125581
Michael, Thanks for the suggestion, I was able to connet to the BIG-IP using the iRule Editor. Any other suggestions on where to go from here?
Update your code with this new line and see what it prints out
if ( ("80" eq $sPort) or ("8080" eq $sPort) ) { $sProtocol = "http"; } new line print "iControl URL: $sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi" print "Credentials: $sUID : $sPWD";I'd then take the output of that and try to open that URL in a browser with the exact same credentials. Cannot connect is almost always an error with the protocol (http vs https), the IP, or the port.
Also, I'm assuming you are running this from the same machine as you are successfully connecting to with the iRule Editor. Is that correct?
- Nick_125581
Joe, So yes I am using the same machine that I am connecting with the iRule Editor. I was able to take the URL that gets printed and paste that in a browser and get to the correct page. But I do get a certificate error that says
There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address.
And if I select continue to this website I get in. Could this be a self-signed cert issue?
Ahhh, I forgot about the Perl LWP self signed cert warning that was introduced in new versions of perl.
Try adding this to the top of your code:
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}=0
Found that reference at this link:
http://charlieharvey.org.uk/page/perl_ssl_certificate_skip
Let me know if that works...
- Nick_125581
Ok, so now I don't get the 500 can't connect error but I do get this:
******************************************************************* Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER together with SSL_ca_file|SSL_ca_path for verification. If you really don't want to verify the certificate and keep the connection open to Man-In-The-Middle attacks please set SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. ******************************************************************* at (Install Dir)/strawberry/perl/vendor/lib/LWP/Protocol/http.pm line 31. 401 F5 Authorization Required at SystemServices.pl line 83.I found that by adding Use NET::SSL I can get rid of the warning message but I still get the 401 error. Any suggestions here.
Uggg, Perl has always been the easiest of our supported languages to figure out. I'll have to upgrade to the latest version of perl and try to replicate this. What platform are you on (windows, mac, linux, etc) and what is your version of perl?
As for the 401, this is the Authorization header that's passed through. Double check that parameters 3 and 4 for the script are correct and are properly escaped if they have special characters for your platform (ie. % for windows, $ for unix/etc). Just make sure that the debug print line I included above for the credentials are the same as you typed in on the browser. If you are absolutely sure you have the credentials correct, you can turn on SOAP::Lite trace debugging by switching the two use SOAP::Lite lines at the top, running the script, and then passing it along to me directly at joe at f5 dot com and I can look to make sure the headers are getting passed correctly.
- Nick_125581
Current configuration: Win 7 64bit, Java 1.7 64bit, Strawberry Perl 5.16.3.1 64bit, Crypt-SSLeay-0.64, 11.1.0 iControl Windows SDK.
I did verify the credentials and they are the same, I have created the debug log and will email you the results. Thanks!
