NetWorker-REST-API: Wie verwende ich einen Remote-AUTHC-Server bei der Verarbeitung von RESTAPI-Anfragen?
Summary: In Umgebungen mit mehreren NetWorker-Datenzonen kann die NetWorker-Authentifizierung über einen einzigen authc-Server konfiguriert werden. In diesem Wissensdatenbank-Artikel wird beschrieben, wie NetWorker-REST-API-Funktionen mithilfe eines Headers ausgeführt werden, der den API-Aufruf anweist, den designierten NetWorker authc-Server anstelle des in der API-URI angegebenen NetWorker-Servers zu verwenden. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Die NetWorker-REST-API-Schnittstelle wird verwendet, um programmgesteuert auf den NetWorker-Data-Protection-Service zuzugreifen. Da der NetWorker-Authentifizierungsservice (authc) auf einem Remote-NetWorker-Server konfiguriert ist, muss die NetWorker-REST-API-Anforderung die authc-Informationen enthalten. Die NetWorker REST API v3-Schnittstelle und höher kann den authc-Server mit einem nutzerdefinierten Header enthalten. Der Schlüsselwert sollte die IP-Adresse des authc-Servers oder den vollständig qualifizierten Domainnamen (FQDN) und den authc-Port (Standard = 9090) enthalten:
Das folgende Beispiel eines API-Clients zeigt, wie dieser Header verwendet wird, um den API-URI (Uniform Resource Identifier) anzuweisen, den im Header angegebenen Host für die Autorisierung anstelle des im URI angegebenen Hosts zu verwenden.
Wenn Sie keinen Zugriff auf einen API-Client haben, kann dies auch mit dem Linux-Befehl curl bestätigt werden.
Key: URL DER X-NW-AUTHC-BASIS
Wert: AUTHC_IP/AUTHC_FQDN:9090
Wert: AUTHC_IP/AUTHC_FQDN:9090
Das folgende Beispiel eines API-Clients zeigt, wie dieser Header verwendet wird, um den API-URI (Uniform Resource Identifier) anzuweisen, den im Header angegebenen Host für die Autorisierung anstelle des im URI angegebenen Hosts zu verwenden.
In diesem Beispiel stellen wir eine Verbindung zur REST API auf einem NetWorker-Server "nve" her:
nve:~ # tail -n 1 /nsr/logs/restapi/restapi.log
2024-02-07 10:51:25.512 INFO [https-jsse-nio-9090-exec-4] c.e.n.w.WebApiResponse -Response status Method: 'GET', URI:'v3/global', Status '200'
Die Autorisierung für diese Anforderung wurde jedoch auf "networker-mc" verarbeitet:
root@networker-mc:~# tail -n 1 /nsr/authc/logs/localhost_access_log.2024-02-07.txt
192.168.25.12 - - [07/Feb/2024:10:51:25 -0500] "POST /auth-server/api/v1/sec/authenticate HTTP/1.1" 201 12209
Wenn Sie keinen Zugriff auf einen API-Client haben, kann dies auch mit dem Linux-Befehl curl bestätigt werden.
Syntax:
Beispiel:
curl -v -k --header "X-NW-AUTHC-BASE-URL:REMOTE_AUTHC_SERVER_ADDRESS:9090" --user Administrator https://NETWORKER_SERVER_ADDRESS:9090/nwrestapi/v3/global/...
Beispiel:
nve:~ # curl -v -k --header "X-NW-AUTHC-BASE-URL:networker-mc:9090" --user Administrator https://nve:9090/nwrestapi/v3/global/
Enter host password for user 'Administrator':
* Trying 192.168.25.12...
* TCP_NODELAY set
* Connected to nve (192.168.25.12) port 9090 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=TX; L=Round Rock; O=DELL; OU=NetWorker; CN=nve.amer.local
* start date: Oct 8 13:55:46 2019 GMT
* expire date: Oct 1 13:55:46 2044 GMT
* issuer: C=US; ST=TX; L=Round Rock; O=DELL; OU=NetWorker; CN=nve.amer.local
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'Administrator'
> GET /nwrestapi/v3/global/ HTTP/1.1
> Host: nve:9090
> Authorization: Basic QWRtaW5pc3RyYXRvcjpBZG1pblBhc3NAMDE=
> User-Agent: curl/7.60.0
> Accept: */*
> X-NW-AUTHC-BASE-URL:networker-mc:9090
>
< HTTP/1.1 200
< Content-Security-Policy: frame-ancestors 'none';script-src' 'self';object-src 'self'
< Strict-Transport-Security: max-age=31536000
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< Date: Wed, 07 Feb 2024 15:41:33 GMT
< Cache-Control: no-cache,no-store,must-revalidate
< Pragma: no-cache
< Expires: 0
< Content-Type: application/json
< Transfer-Encoding: chunked
< Server: NSR SERVICES for Authentication
<
{"links":[{"href":"https://nve:9090/nwrestapi/v3/global/alerts","title":"List of alert messages"},{"href":"https://nve:9090/nwrestapi/v3/global/auditlogconfig","title":"Audit log configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/auditlogconfigs","title":"Audit log configurations"},{"href":"https://nve:9090/nwrestapi/v3/global/backups","title":"List of backups"},{"href":"https://nve:9090/nwrestapi/v3/global/clients","title":"List of clients"},{"href":"https://nve:9090/nwrestapi/v3/global/cloudboostappliances","title":"List of cloudboost appliances"},{"href":"https://nve:9090/nwrestapi/v3/global/datadomainsystems","title":"List of data domain systems"},{"href":"https://nve:9090/nwrestapi/v3/global/dddevicereplication","title":"DD device replication"},{"href":"https://nve:9090/nwrestapi/v3/global/devices","title":"List of storage devices"},{"href":"https://nve:9090/nwrestapi/v3/global/directives","title":"List of backup directives"},{"href":"https://nve:9090/nwrestapi/v3/global/inspect","title":"Inspect remote/local server"},{"href":"https://nve:9090/nwrestapi/v3/global/jobgroups","title":"List of job groups"},{"href":"https://nve:9090/nwrestapi/v3/global/jobindications","title":"List of job indications"},{"href":"https://nve:9090/nwrestapi/v3/global/jobs","title":"List of jobs"},{"href":"https://nve:9090/nwrestapi/v3/global/jukeboxes","title":"List of jukeboxes"},{"href":"https://nve:9090/nwrestapi/v3/global/labels","title":"List of volume label templates"},{"href":"https://nve:9090/nwrestapi/v3/global/licenseconfig","title":"Server license configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/licenses","title":"List of license templates"},{"href":"https://nve:9090/nwrestapi/v3/global/lockbox","title":"Lockbox resource"},{"href":"https://nve:9090/nwrestapi/v3/global/mediaconfig","title":"Server media configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/mobilestorageunits","title":"Mobile storage units."},{"href":"https://nve:9090/nwrestapi/v3/global/nasdevices","title":"List of NAS devices"},{"href":"https://nve:9090/nwrestapi/v3/global/notifications","title":"List of notification settings"},{"href":"https://nve:9090/nwrestapi/v3/global/nsrcloneconfig","title":"NSR Clone Configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/pools","title":"List of pools"},{"href":"https://nve:9090/nwrestapi/v3/global/probes","title":"List of probes"},{"href":"https://nve:9090/nwrestapi/v3/global/protectiongroups","title":"List of protection groups"},{"href":"https://nve:9090/nwrestapi/v3/global/protectionpolicies","title":"List of protection policies"},{"href":"https://nve:9090/nwrestapi/v3/global/recoverapps","title":"List of recovery applications"},{"href":"https://nve:9090/nwrestapi/v3/global/recovers","title":"List of recover resources"},{"href":"https://nve:9090/nwrestapi/v3/global/rules","title":"List of rules"},{"href":"https://nve:9090/nwrestapi/v3/global/schedules","title":"List of schedules"},{"href":"https://nve:9090/nwrestapi/v3/global/securityconfig","title":"Server security configurati* Connection #0 to host nve left intact
on"},{"href":"https://nve:9090/nwrestapi/v3/global/serverconfig","title":"Server configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/servermessages","title":"List of server messages"},{"href":"https://nve:9090/nwrestapi/v3/global/serverstatistics","title":"Server statistics"},{"href":"https://nve:9090/nwrestapi/v3/global/sessions","title":"List of save/recover sessions"},{"href":"https://nve:9090/nwrestapi/v3/global/storagenodes","title":"List of storage nodes"},{"href":"https://nve:9090/nwrestapi/v3/global/tenants","title":"Restricted data zone protection"},{"href":"https://nve:9090/nwrestapi/v3/global/timepolicies","title":"List of Time Policies"},{"href":"https://nve:9090/nwrestapi/v3/global/usergroups","title":"List of user groups"},{"href":"https://nve:9090/nwrestapi/v3/global/vmware","title":"View of VMware objects"},{"href":"https://nve:9090/nwrestapi/v3/global/volumes","title":"List of volumes"}]}
Protokolle:
Authentifizierungsserver:
Linux: Windows: /nsr/authc/logs
: C:\Programme\EMC NetWorker\nsr\authc-server\tomcat\logs
REST API (NetWorker-Server):
Linux: /nsr/logs/restapi/restapi.log
Windows: C:\Programme\EMC NetWorker\nsr\logs\restapi\restapi.log
Additional Information
NetWorker: So aktivieren Sie AUTHC DEBUG zu Troubleshooting-Zwecken
Networker: So aktivieren Sie das REST-API-Debugging
NetWorker – Handbuch zur REST API-Triage
Networker: So aktivieren Sie das REST-API-Debugging
NetWorker – Handbuch zur REST API-Triage
Affected Products
NetWorkerProducts
NetWorkerArticle Properties
Article Number: 000011247
Article Type: How To
Last Modified: 04 Mar 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.