Reputation: 24596
Connection refused trying to access REST endpoint on BigIP
Attempting to connect to the REST endpoint of my BigIP:
curl https://10.1.0.69/mgmt/shared/appsvcs/info
curl: (7) Failed to connect to 10.1.0.69 port 443: Connection refused
I've seen some posts online stating that this could be due to icrd not being enabled, so to check the status:
admin@(ip-10-1-0-69)(cfg-sync Standalone)(Active)(/Common)(tmos)# show sys service icrd
Couldn't find service: icrd
Next, I've tried enabling:
admin@(ip-10-1-0-69)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys service icrd add
Couldn't find service: icrd
My version info:
admin@(ip-10-1-0-69)(cfg-sync Standalone)(Active)(/Common)(tmos)# show /sys version
Sys::Version
Main Package
Product BIG-IP
Version 15.1.0.2
Build 0.0.9
Edition Point Release 2
Date Fri Mar 20 21:06:24 PDT 2020
I've also seen some posts stating that I can do the following:
touch /etc/bigstart/scripts/scim
bigstart add --default icrd
bigstart enable icrd
bigstart start icrd
However,
admin@(ip-10-1-0-69)(cfg-sync Standalone)(Active)(/Common)(tmos)# run /util bash
[admin@ip-10-1-0-69:Active:Standalone] ~ # touch /etc/bigstart/scripts/scim
[admin@ip-10-1-0-69:Active:Standalone] ~ # bigstart add --default icrd
Couldn't find service: icrd
Also:
[admin@ip-10-1-0-69:Active:Standalone] ~ # bigstart status restjavad restnoded
restjavad run (pid 6549) 49 minutes
restnoded run (pid 5650) 49 minutes
Also, it appears the rest api is running but on port 8100:
[admin@ip-10-1-0-69:Active:Standalone] curl http://localhost:8100/mgmt/shared/appsvcs/info
{"code":401,"message":"Authorization failed: no user authentication header or token detected. Uri:http://localhost:8100/mgmt/shared/appsvcs/info Referrer:Unknown Sender:Unknown","referer":"Unknown","restOperationId":6611305,"kind":":resterrorresponse"}
No ports are bound to 443:
[admin@ip-10-1-0-69:Active:Standalone] ~ # netstat -nalt | grep 443
tcp 0 0 127.0.0.1:44352 127.0.0.1:6666 ESTABLISHED
tcp 0 0 127.0.0.1:6666 127.0.0.1:44352 ESTABLISHED
tcp6 0 0 :::8443 :::* LISTEN
Any ideas?
Upvotes: 0
Views: 1634
Answers (1)
Reputation: 670
You don't need to manually start the REST interface anymore (icrd), that was an artifact from pre-11.x versions.
Single NIC installs move the management port to 8443 to keep 443 available for public use on virtual IPs. Firewall ACL's then keep 8443 to mgmt nets. This changes with multi-nic deployments.
For your needs, you can grab a token for use with the API with:
{
"username": "remote_auth_user",
"password": "remote_auth_password",
"loginProviderName": "tmos"
}
- at URL: https://:8100/shared/authn/login (for remote API calls where mgmt is hidden)
- or URL: https://:8443/shared/authn/login
(I'll reverify this just for my sanity)
Once you get the token, store it and you're off to the races for that session.
For the first URL you were trying to access .../shared/appsvcs/.... do you have the AS3 installed on BIG-IP? If it's not installed that URL isn't available.
Here's the AS3 overview and install instructions just in case: F5 Application Services Extension 3 Documentation
It's different from the standard module-based iControlREST for BIG-IP.
If you're still having issues, lemme know and I'll update this answer.
Upvotes: 2
Related Questions
- IP address is not allowed for this token on API CALL
- REST Service not enabled in Bigip 12
- Bigcommerce throwing 403 error even with all scope using postman
- Unable to connect to Google Bigtable using HBase REST api
- BigCommerce API request 500 server error
- Bigcommerce API network error
- BigCommerce PHP API Connection failure
- not able to connect to bigcommerce api
- Bigcommerce API connection error
- BigQuery API - Unable to connect Remote Server