Hi experts,
I've set up a GNS3 lab environment to study for the free JNCIA-DevOps courses, ideally to redeem a certification voucher and get certified. During my training I've found a problem with the vSRX's REST API.
It always returns a 500 Internal Server Error in response to calls from curl or from the embedded REST API Explorer, even though the REST calls seem to be processed.
Sending the RPC via Netconf interface of the same underlying XML API works fine.
I have enabled tracing with set rest traceoptions flag all, but the /var/chroot/rest-api/var/log/lighttpd log (available below) does not give many clues, at least not to me. Since the same RPC goes through over Netconf, I assume the mgd process is fine and the problem is somewhere at the lighttpd or mod_juise level.
Did anyone encounter this or could point towards further debugging?
The .gns3a is a vSRX 18.1.R1.9 and I'm calling from curl 7.65.3 (x86_64-pc-linux-gnu) and Python 3.7.4.
Many thanks in advance,
Bogdan
root@kali:~# !91
curl -u "root:Ixia2019!" http://192.168.100.122:3000/rpc/get-interface-information
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>500 - Internal Server Error</title>
</head>
<body>
<h1>500 - Internal Server Error</h1>
</body>
</html>
root@kali:~#
root@kali:~# ssh 192.168.100.122
Password:
Last login: Wed May 6 20:55:49 2020 from 192.168.100.1
--- JUNOS 18.1R1.9 Kernel 64-bit JNPR-11.0-20180308.0604c57_buil
root@vSRX18:~ #
root@vSRX18:~ #
root@vSRX18:~ # cd /var/c
chroot/ crash/ cron/
root@vSRX18:~ # cd /var/chroot/rest-api/var/log/
root@vSRX18:/var/chroot/rest-api/var/log # ls -l
total 9
-rw-r--r-- 1 nobody nobody 8960 May 6 21:11 lighttpd
root@vSRX18:/var/chroot/rest-api/var/log # cat lighttpd
2020-05-06 20:01:22: (../../../../../../../src/dist/lighttpd/src/log.c.166) server started
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1726) mod_juise: physical: fn /www/rpc/get-interface-information
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1727) mod_juise: physical: uri /rpc/get-interface-information
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1637) mod_juise: start: looking at /usr/sbin/juise
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /usr/sbin/juise
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --rpc-on-box
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --auth-socket
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /var/run/rest_api_mgmt_sock
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --trace
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /var/log/juise
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /usr/sbin/juise
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1821) mod_juise: handle:
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.700) juise died, pid: 7657 6
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:02:43: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1726) mod_juise: physical: fn /www/rpc/get-interface-information
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1727) mod_juise: physical: uri /rpc/get-interface-information
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1637) mod_juise: start: looking at /usr/sbin/juise
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /usr/sbin/juise
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --rpc-on-box
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --auth-socket
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /var/run/rest_api_mgmt_sock
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --trace
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /var/log/juise
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /usr/sbin/juise
2020-05-06 20:19:01: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1821) mod_juise: handle:
2020-05-06 20:19:02: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.700) juise died, pid: 7685 6
2020-05-06 20:19:02: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:19:02: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 20:19:02: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:19:02: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1726) mod_juise: physical: fn /www/rpc/get-interface-information
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1727) mod_juise: physical: uri /rpc/get-interface-information
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1637) mod_juise: start: looking at /usr/sbin/juise
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /usr/sbin/juise
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --rpc-on-box
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --auth-socket
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /var/run/rest_api_mgmt_sock
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --trace
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /var/log/juise
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /usr/sbin/juise
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1821) mod_juise: handle:
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.700) juise died, pid: 7717 6
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 20:55:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1726) mod_juise: physical: fn /www/rpc/get-interface-information
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1727) mod_juise: physical: uri /rpc/get-interface-information
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1637) mod_juise: start: looking at /usr/sbin/juise
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /usr/sbin/juise
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --rpc-on-box
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --auth-socket
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /var/run/rest_api_mgmt_sock
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: --trace
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /var/log/juise
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.927) juise: argv: /usr/sbin/juise
2020-05-06 21:10:40: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.1821) mod_juise: handle:
2020-05-06 21:10:41: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.700) juise died, pid: 7736 6
2020-05-06 21:10:41: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 21:10:41: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
2020-05-06 21:10:41: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.720) mod_juise: connection_reset:
2020-05-06 21:10:41: (../../../../../../../../src/dist/juise/mod_juise/mod_juise.c.723) mod_juise: connection_reset: done
root@vSRX18:/var/chroot/rest-api/var/log #
root@vSRX18:/var/chroot/rest-api/var/log #
root@vSRX18:/var/chroot/rest-api/var/log #
root@vSRX18:/var/chroot/rest-api/var/log #
root@vSRX18:/var/chroot/rest-api/var/log #
root@vSRX18:/var/chroot/rest-api/var/log # cd
root@vSRX18:~ #
root@vSRX18:~ # cli
root@vSRX18.1R1> show con
^
'con' is ambiguous.
Possible completions:
configuration Show current configuration
connections Show circuit cross-connect connections
root@vSRX18.1R1> show configuration
## Last commit: 2020-05-06 20:01:21 UTC by root
version 18.1R1.9;
system {
host-name vSRX18.1R1;
root-authentication {
encrypted-password "$6$DCEfQfdm$VistHkxj6b0kca8koGIrFFye97aUtZayON7UMbeGrRd.aUCI0bO9RsTPf6r6XP2z3UJ13cZYvJ7lLcKctnUdd."; ## SECRET-DATA
}
services {
ssh {
root-login allow;
}
netconf {
ssh;
}
rest {
http {
port 3000;
}
traceoptions {
flag all;
}
enable-explorer;
}
web-management {
http {
interface fxp0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
security {
log {
mode stream;
report;
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000; ## Warning: 'queue-size' is deprecated
timeout 20;
}
land;
}
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
tcp-rst;
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/1.0;
}
}
}
}
interfaces {
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.122.122/24;
}
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.100.122/24;
}
}
}
}
root@vSRX18.1R1>
The Netconf interface and the underlying XML API seem fine:
root@kali:~#
root@kali:~# python3 get_route_table_rpc_Netconf.py
The initial XML output from get route RPC is of type <class 'lxml.etree._Element'>
The XML output from get route RPC is of type <class 'list'>
Route: 192.168.100.0/24 Protocol Direct
Route: 192.168.100.122/32 Protocol Local
Route: 192.168.122.0/24 Protocol Direct
Route: 192.168.122.122/32 Protocol Local
root@kali:~#
root@kali:~# cat get_route_table_rpc_Netconf.py
#! /usr/bin/python3
from jnpr.junos import Device
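if __name__ == '__main__':
    # Local imports: this block is the script's entry point and their only user.
    import os
    from getpass import getpass

    # The device password comes from the environment or an interactive prompt
    # instead of being embedded in the script, so it does not travel with pasted
    # listings, version control or backups. JUNOS_PASSWORD is a constructed
    # variable name; rename it to fit the lab's conventions.
    password = os.environ.get('JUNOS_PASSWORD') or getpass('Password for root@192.168.100.122: ')

    dev = Device(host='192.168.100.122', user='root', password=password)
    dev.open()
    try:
        # Run the get-route-information RPC, restricted to the inet.0 table.
        route_lxml_element = dev.rpc.get_route_information(table="inet.0")
        print(f"The initial XML output from get route RPC is of type {type(route_lxml_element)}")

        # Every <rt> element in the reply describes one destination.
        list_of_routes = route_lxml_element.findall('.//rt')
        print(f"The XML output from get route RPC is of type {type(list_of_routes)}")

        for route in list_of_routes:
            # default='' keeps a route with a missing child element from raising
            # AttributeError on None.strip().
            destination = route.findtext('rt-destination', default='').strip()
            protocol = route.findtext('rt-entry/protocol-name', default='').strip()
            print("Route: {} Protocol {}".format(destination, protocol))
    finally:
        # Close the session even when the RPC or the parsing fails, so no
        # authenticated management session is left open on the device.
        dev.close()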
#root@vSRX18.1R1> show route | display xml
#<rpc-reply xmlns:junos="http://xml.juniper.net/junos/18.1R1/junos">
# <route-information xmlns="http://xml.juniper.net/junos/18.1R1/junos-routing">
# <!-- keepalive -->
# <route-table>
# <table-name>inet.0</table-name>
# <destination-count>4</destination-count>
# <total-route-count>4</total-route-count>
# <active-route-count>4</active-route-count>
# <holddown-route-count>0</holddown-route-count>
# <hidden-route-count>0</hidden-route-count>
# <rt junos:style="brief">
# <rt-destination>192.168.100.0/24</rt-destination>
# <rt-entry>
# <active-tag>*</active-tag>
# <current-active/>
# <last-active/>
# <protocol-name>Direct</protocol-name>
# <preference>0</preference>
# <age junos:seconds="2994">00:49:54</age>
# <nh>
# <selected-next-hop/>
# <via>fxp0.0</via>
# </nh>
# </rt-entry>
# </rt>
# <rt junos:style="brief">
# <rt-destination>192.168.100.122/32</rt-destination>
# <rt-entry>
root@kali:~#
root@kali:~# python3
Python 3.7.4 (default, Jul 11 2019, 10:43:21)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>
root@kali:~# curl --version
curl 7.65.3 (x86_64-pc-linux-gnu) libcurl/7.65.3 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.39.2 librtmp/2.3
Release-Date: 2019-07-19
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets
root@kali:~# ^C
root@kali:~#