Hi,
I am noob for VMWare environment.
I have vCenter server 6.5, web-client installed on Windows host, through which I can create datacenter and add a hosts to it.
But when I am trying to create or get the existing resources using curl, I am getting response 401 Unauthorized.
Please tell me if I am passing incomplete or wrong information or do I have to enable something that will allow other applications to communicate to vCenter.
Note that username and password provided is correct and I am able to login and create resources through web-client using same.
Following are the commands and respective responses :
curl --digest -v -i -k -H "Content-Type:application/json" -u '<user>:<pass>' -X GET --insecure 'https://192.168.2.102/rest/vcenter/datacenter'
* Hostname was NOT found in DNS cache
* Trying 192.168.2.102...
* Connected to 192.168.2.102 (192.168.2.102) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: CN=192.168.2.102; C=US
* start date: 2017-02-09 06:30:57 GMT
* expire date: 2027-02-04 06:30:57 GMT
* issuer: CN=CA; DC=extreme; DC=vmware; C=US; ST=California; O=<domain>; OU=VMware Engineering
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Digest with user '<user>'
> GET /rest/vcenter/datacenter HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 192.168.2.102
> Accept: */*
> Content-Type:application/json
< HTTP/1.1 401 Unauthorized
HTTP/1.1 401 Unauthorized
< Date: Tue, 21 Feb 2017 05:34:29 GMT
Date: Tue, 21 Feb 2017 05:34:29 GMT
< Content-Type: application/json
Content-Type: application/json
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
<
* Connection #0 to host 192.168.2.102 left intact
{"type":"com.vmware.vapi.std.errors.unauthenticated","value":{"messages":[{"args":[],"default_message":"This method requires authentication.","id":"vapi.method.authentication.required"}]}}
curl -v -i -k -H "Content-Type:application/json" -u '<user>:<pass>' -X POST --insecure -d '{"spec":{"folder":"folder2","name":"datacenter2"}}' 'https://192.168.2.102/rest/vcenter/datacenter'
* Hostname was NOT found in DNS cache
* Trying 192.168.2.102...
* Connected to 192.168.2.102 (192.168.2.102) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: CN=192.168.2.102; C=US
* start date: 2017-02-09 06:30:57 GMT
* expire date: 2027-02-04 06:30:57 GMT
* issuer: CN=CA; DC=extreme; DC=vmware; C=US; ST=California; O=<domain>; OU=VMware Engineering
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Basic with user '<user>'
> POST /rest/vcenter/datacenter HTTP/1.1
> Authorization: Basic YWRtaW5pc3RyYXRvckBleHRyZW1lLnZtd2FyZTphZGZkZmRtaW5AMTIz
> User-Agent: curl/7.35.0
> Host: 192.168.2.102
> Accept: */*
> Content-Type:application/json
> Content-Length: 52
* upload completely sent off: 52 out of 52 bytes
< HTTP/1.1 401 Unauthorized
HTTP/1.1 401 Unauthorized
< Date: Tue, 21 Feb 2017 05:37:42 GMT
Date: Tue, 21 Feb 2017 05:37:42 GMT
< Content-Type: application/json
Content-Type: application/json
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
<
* Connection #0 to host 192.168.2.102 left intact
{"type":"com.vmware.vapi.std.errors.unauthenticated","value":{"messages":[{"args":[],"default_message":"This method requires authentication.","id":"vapi.method.authentication.required"}]}}
Thanks in advance.
Hi,
I was looking for some other answers when I spotted this old post. I assume you got your answer by now but maybe other will find this post as well and I think it might help if we have an answer here.
I think the issue here is that you did not get a session ID first and use it to do the actual call.
First request the session ID:
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'vmware-use-header-authn: test' --header 'vmware-api-session-id: null' -u 'administrator@vsphere.local' 'https://vc-fqdn/rest/com/vmware/cis/session'
Which will give back a session ID:
{"value":"0fd23c582c09599c2e500bb1d5378235"}
You can then use this in your request:
curl -sik -H 'Accept:application/json' -H "vmware-api-session-id:0fd23c582c09599c2e500bb1d5378235" -X GET https://vc-fqdn/rest/vcenter/datacenter/
Hope this helps.