REST API not working - 404 errors
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2014 07:34 AM - edited 03-12-2019 07:19 AM
I am attempting to enable the REST API on the Cisco CSR 1000V. I have followed the instructions in http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/csr1000Vswcfg.pdf (CH. 14). The API service is running; however, the API endpoint is not functional. See below for (1) API service status, and (2), errant behavior. See http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/restapi/restapi.pdf. If we can get this to work, we will use it to automate the deployment of the CSRs. The running config is pasted (3).
(1) API Service Status
ip-172-31-10-167#show virtual-service detail
Virtual service csr_mgmt detail
State : Activated
Package information
Name : csrmgmt.1_3_1.20140213_121708.ova
Path : bootflash:/csrmgmt.1_3_1.20140213_121708.ova
Application
Name : csr_mgmt
Installed version : 1.3.1
Description : CSR-MGMT
Signing
Key type : Cisco development key
Method : SHA-1
Licensing
Name : Not Available
Version : Not Available
Detailed guest status
----------------------------------------------------------------------
Process Status Uptime # of restarts
----------------------------------------------------------------------
nginx UP 0Y 0W 0D 0: 7:40 0
climgr UP 0Y 0W 0D 0: 7:40 0
restful_api UP 0Y 0W 0D 0: 7:40 0
fcgicpa Down
pnscag Down
pnscdme Down
----------------------------------------------------------------------
Feature Status Configuration
----------------------------------------------------------------------
Restful API Enabled, UP port: 443
auto-save-timer: 8 seconds
socket: unix:/usr/local/nginx/csrapi-fcgi.sock;
(2) Errant behavior of REST API endpoint
[ec2-user@ip-172-31-4-51 ~]$ curl -k -v https://172.31.10.167/api/v1/auth/token-services
* Hostname was NOT found in DNS cache
* Trying 172.31.10.167...
* Connected to 172.31.10.167 (172.31.10.167) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_RSA_WITH_3DES_EDE_CBC_SHA
* Server certificate:
* subject: CN=IOS-Self-Signed-Certificate-1988170391
* start date: Jul 11 20:07:58 2014 GMT
* expire date: Jan 01 00:00:00 2020 GMT
* common name: IOS-Self-Signed-Certificate-1988170391
* issuer: CN=IOS-Self-Signed-Certificate-1988170391
> GET /api/v1/auth/token-services HTTP/1.1
> User-Agent: curl/7.36.0
> Host: 172.31.10.167
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Fri, 11 Jul 2014 20:18:09 GMT
* Server cisco-IOS is not blacklisted
< Server: cisco-IOS
< Connection: close
< Accept-Ranges: none
<
404 Not Found
* Closing connection 0
(3) Running config
$ printf "term len 0\nsh run\n" | ssh -i .ssh/aptlivewest2.pem ec2-user@54.191.136.82
Pseudo-terminal will not be allocated because stdin is not a terminal.
ip-172-31-10-167#term len 0
ip-172-31-10-167#sh run
Building configuration...
Current configuration : 2704 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname ip-172-31-10-167
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1988170391
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1988170391
revocation-check none
rsakeypair TP-self-signed-1988170391
!
!
crypto pki certificate chain TP-self-signed-1988170391
certificate self-signed 01
[SNIP!]
quit
license udi pid CSR1000V sn 97FQ0HAJ0I0
!
username ec2-user privilege 15 secret 5 $1 [SNIP!]
!
redundancy
mode none
!
!
!
!
!
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
username ec2-user
key-hash ssh-rsa [SNIP!] aptlivewest2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface VirtualPortGroup0
ip unnumbered GigabitEthernet1
!
interface GigabitEthernet1
ip address dhcp
negotiation auto
!
!
virtual-service csr_mgmt
vnic gateway VirtualPortGroup0
activate
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
ip route 172.31.4.51 255.255.255.255 VirtualPortGroup0
!
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login local
!
!
end
- Labels:
-
CSR for Public Cloud
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2018 02:19 AM
I didnt even get to this stage.
Trying to configure the management access between virtual-service and the router, but it doesn't work.
BUSEC-CSR1000v#sh virtual-service detail
Virtual service csr_mgmt detail
State : Activated
Owner : IOSd
Package information
Name : iosxe-remote-mgmt.03.16.04a.S.155-3.S4a-ext.ova
Path : bootflash:/iosxe-remote-mgmt.03.16.04a.S.155-3.S4a-ext.ova
Application
Name : csr_mgmt
Installed version : 03.16.03
Description : CSR-MGMT
Signing
Key type : Cisco development key
Method : SHA-1
Licensing
Name : Not Available
Version : Not Available
Detailed guest status
Information not available
Activated profile name: None
Resource reservation
Disk : 756 MB
Memory : 512 MB
CPU : 5% system CPU
Attached devices
Type Name Alias
---------------------------------------------
NIC ieobc_1 ieobc
NIC dp_1_0 net2
Disk _rootfs
Disk /opt/var
Disk /opt/var/c
Serial/shell serial0
Serial/aux serial1
Serial/Syslog serial2
Serial/Trace serial3
Watchdog watchdog-2
Network interfaces
MAC address Attached to interface
------------------------------------------------------
54:0E:00:0B:0C:02 ieobc_1
00:1E:7A:A5:41:BA VirtualPortGroup0
Guest interface
---
Information not available
---
Guest routes
---
Information not available
---
Resource admission (without profile) : passed
Disk space : 756MB
Memory : 512MB
CPU : 5% system CPU
VCPUs : Not specified
BUSEC-CSR1000v#
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2021 09:10 AM
Did you ever figure this one out? I know it is super old but I am STILL not finding any guidance on using tokens on CSR or 4000 series.
