NetWorker REST API:處理 RESTAPI 要求時,如何使用遠端 AUTHC 伺服器?

Summary: 在具有多個 NetWorker 資料區的環境中,可透過單一 authc 伺服器設定 NetWorker 驗證。本 KB 詳細說明如何使用標頭來執行 NetWorker REST API 功能,以指示 API 呼叫使用指定的 NetWorker 認證伺服器,而非 API URI 中指定的 NetWorker 伺服器。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

NetWorker REST API 介面是用來以編程的方式存取 NetWorker 資料保護服務。  NetWorker Authentication Service (authc) 是在遠端 NetWorker 伺服器上設定,因此 NetWorker REST API 要求必須包含 authc 資訊。  NetWorker REST API v3 介面和更新版本可包含具有自訂標頭的 authc 伺服器。  金鑰值應提供認證伺服器 IP 位址或完整網域名稱 (FQDN) 和認證連接埠 (default=9090):
 
Key: X-NW-AUTHC-BASE-URL
值:AUTHC_IP/AUTHC_FQDN:9090

以下 API 用戶端示例演示如何使用此標頭指示 API 統一資源識別碼 (URI) 使用標頭中指定的主機進行授權,而不是 URI 中指定的主機。
image.png


在此範例中,我們要連線至 NetWorker 伺服器「nve」上的 REST API:

nve:~ # tail -n 1 /nsr/logs/restapi/restapi.log
2024-02-07 10:51:25.512 INFO  [https-jsse-nio-9090-exec-4] c.e.n.w.WebApiResponse -Response status Method: 'GET', URI:'v3/global', Status '200'

但是,此要求的授權是在「networker-mc」上處理:

root@networker-mc:~# tail -n 1 /nsr/authc/logs/localhost_access_log.2024-02-07.txt
192.168.25.12 - - [07/Feb/2024:10:51:25 -0500] "POST /auth-server/api/v1/sec/authenticate HTTP/1.1" 201 12209

如果您無法存取 API 用戶端,也可以使用 linux curl 命令來確認。
語法:  
curl -v -k --header "X-NW-AUTHC-BASE-URL:REMOTE_AUTHC_SERVER_ADDRESS:9090" --user Administrator https://NETWORKER_SERVER_ADDRESS:9090/nwrestapi/v3/global/...

範例: 
nve:~ # curl -v -k --header "X-NW-AUTHC-BASE-URL:networker-mc:9090" --user Administrator https://nve:9090/nwrestapi/v3/global/
Enter host password for user 'Administrator':
*   Trying 192.168.25.12...
* TCP_NODELAY set
* Connected to nve (192.168.25.12) port 9090 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=TX; L=Round Rock; O=DELL; OU=NetWorker; CN=nve.amer.local
*  start date: Oct  8 13:55:46 2019 GMT
*  expire date: Oct  1 13:55:46 2044 GMT
*  issuer: C=US; ST=TX; L=Round Rock; O=DELL; OU=NetWorker; CN=nve.amer.local
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'Administrator'
> GET /nwrestapi/v3/global/ HTTP/1.1
> Host: nve:9090
> Authorization: Basic QWRtaW5pc3RyYXRvcjpBZG1pblBhc3NAMDE=
> User-Agent: curl/7.60.0
> Accept: */*
> X-NW-AUTHC-BASE-URL:networker-mc:9090
>
< HTTP/1.1 200
< Content-Security-Policy: frame-ancestors 'none';script-src' 'self';object-src 'self'
< Strict-Transport-Security: max-age=31536000
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< Date: Wed, 07 Feb 2024 15:41:33 GMT
< Cache-Control: no-cache,no-store,must-revalidate
< Pragma: no-cache
< Expires: 0
< Content-Type: application/json
< Transfer-Encoding: chunked
< Server: NSR SERVICES for Authentication
<
{"links":[{"href":"https://nve:9090/nwrestapi/v3/global/alerts","title":"List of alert messages"},{"href":"https://nve:9090/nwrestapi/v3/global/auditlogconfig","title":"Audit log configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/auditlogconfigs","title":"Audit log configurations"},{"href":"https://nve:9090/nwrestapi/v3/global/backups","title":"List of backups"},{"href":"https://nve:9090/nwrestapi/v3/global/clients","title":"List of clients"},{"href":"https://nve:9090/nwrestapi/v3/global/cloudboostappliances","title":"List of cloudboost appliances"},{"href":"https://nve:9090/nwrestapi/v3/global/datadomainsystems","title":"List of data domain systems"},{"href":"https://nve:9090/nwrestapi/v3/global/dddevicereplication","title":"DD device replication"},{"href":"https://nve:9090/nwrestapi/v3/global/devices","title":"List of storage devices"},{"href":"https://nve:9090/nwrestapi/v3/global/directives","title":"List of backup directives"},{"href":"https://nve:9090/nwrestapi/v3/global/inspect","title":"Inspect remote/local server"},{"href":"https://nve:9090/nwrestapi/v3/global/jobgroups","title":"List of job groups"},{"href":"https://nve:9090/nwrestapi/v3/global/jobindications","title":"List of job indications"},{"href":"https://nve:9090/nwrestapi/v3/global/jobs","title":"List of jobs"},{"href":"https://nve:9090/nwrestapi/v3/global/jukeboxes","title":"List of jukeboxes"},{"href":"https://nve:9090/nwrestapi/v3/global/labels","title":"List of volume label templates"},{"href":"https://nve:9090/nwrestapi/v3/global/licenseconfig","title":"Server license configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/licenses","title":"List of license templates"},{"href":"https://nve:9090/nwrestapi/v3/global/lockbox","title":"Lockbox resource"},{"href":"https://nve:9090/nwrestapi/v3/global/mediaconfig","title":"Server media configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/mobilestorageunits","title":"Mobile storage units."},{"href":"https://nve:9090/nwrestapi/v3/global/nasdevices","title":"List of NAS devices"},{"href":"https://nve:9090/nwrestapi/v3/global/notifications","title":"List of notification settings"},{"href":"https://nve:9090/nwrestapi/v3/global/nsrcloneconfig","title":"NSR Clone Configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/pools","title":"List of pools"},{"href":"https://nve:9090/nwrestapi/v3/global/probes","title":"List of probes"},{"href":"https://nve:9090/nwrestapi/v3/global/protectiongroups","title":"List of protection groups"},{"href":"https://nve:9090/nwrestapi/v3/global/protectionpolicies","title":"List of protection policies"},{"href":"https://nve:9090/nwrestapi/v3/global/recoverapps","title":"List of recovery applications"},{"href":"https://nve:9090/nwrestapi/v3/global/recovers","title":"List of recover resources"},{"href":"https://nve:9090/nwrestapi/v3/global/rules","title":"List of rules"},{"href":"https://nve:9090/nwrestapi/v3/global/schedules","title":"List of schedules"},{"href":"https://nve:9090/nwrestapi/v3/global/securityconfig","title":"Server security configurati* Connection #0 to host nve left intact
on"},{"href":"https://nve:9090/nwrestapi/v3/global/serverconfig","title":"Server configuration"},{"href":"https://nve:9090/nwrestapi/v3/global/servermessages","title":"List of server messages"},{"href":"https://nve:9090/nwrestapi/v3/global/serverstatistics","title":"Server statistics"},{"href":"https://nve:9090/nwrestapi/v3/global/sessions","title":"List of save/recover sessions"},{"href":"https://nve:9090/nwrestapi/v3/global/storagenodes","title":"List of storage nodes"},{"href":"https://nve:9090/nwrestapi/v3/global/tenants","title":"Restricted data zone protection"},{"href":"https://nve:9090/nwrestapi/v3/global/timepolicies","title":"List of Time Policies"},{"href":"https://nve:9090/nwrestapi/v3/global/usergroups","title":"List of user groups"},{"href":"https://nve:9090/nwrestapi/v3/global/vmware","title":"View of VMware objects"},{"href":"https://nve:9090/nwrestapi/v3/global/volumes","title":"List of volumes"}]}


記錄:

驗證伺服器:

Linux:/nsr/authc/logs
Windows:C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\logs

REST API (NetWorker Server):

Linux:/nsr/logs/restapi/restapi.log
Windows:C:\Program Files\EMC NetWorker\nsr\logs\restapi\restapi.log

 

Additional Information

NetWorker:如何啟用 AUTHC 偵錯以進行故障診斷
NetWorker:如何啟用 REST API 除錯
NetWorker REST API 分派指南

Affected Products

NetWorker

Products

NetWorker
Article Properties
Article Number: 000011247
Article Type: How To
Last Modified: 04 Mar 2025
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.