Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

REST API not working - 404 errors

 

I am attempting to enable the REST API on the Cisco CSR 1000V.  I have followed the instructions in http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/csr1000Vswcfg.pdf (CH. 14).  The  API service is running; however, the API endpoint is not functional.  See below for (1) API service status, and (2), errant behavior.  See http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/restapi/restapi.pdf.  If we can get this to work, we will use it to automate the deployment of the CSRs.  The running config is pasted (3).

 

(1) API Service Status

ip-172-31-10-167#show virtual-service detail

Virtual service csr_mgmt detail

State : Activated

Package information

Name : csrmgmt.1_3_1.20140213_121708.ova

Path : bootflash:/csrmgmt.1_3_1.20140213_121708.ova

Application

Name : csr_mgmt

Installed version : 1.3.1

Description : CSR-MGMT

Signing

Key type : Cisco development key

Method : SHA-1

Licensing

Name : Not Available

Version : Not Available

 

Detailed guest status

 

----------------------------------------------------------------------

Process Status Uptime # of restarts

----------------------------------------------------------------------

nginx UP 0Y 0W 0D 0: 7:40 0

climgr UP 0Y 0W 0D 0: 7:40 0

restful_api UP 0Y 0W 0D 0: 7:40 0

fcgicpa Down

pnscag Down

pnscdme Down

----------------------------------------------------------------------

Feature Status Configuration

----------------------------------------------------------------------

Restful API Enabled, UP port: 443

auto-save-timer: 8 seconds

socket: unix:/usr/local/nginx/csrapi-fcgi.sock;

 

 

(2) Errant behavior of REST API endpoint

[ec2-user@ip-172-31-4-51 ~]$ curl -k -v https://172.31.10.167/api/v1/auth/token-services

* Hostname was NOT found in DNS cache

*   Trying 172.31.10.167...

* Connected to 172.31.10.167 (172.31.10.167) port 443 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* skipping SSL peer certificate verification

* SSL connection using TLS_RSA_WITH_3DES_EDE_CBC_SHA

* Server certificate:

* subject: CN=IOS-Self-Signed-Certificate-1988170391

* start date: Jul 11 20:07:58 2014 GMT

* expire date: Jan 01 00:00:00 2020 GMT

* common name: IOS-Self-Signed-Certificate-1988170391

* issuer: CN=IOS-Self-Signed-Certificate-1988170391

> GET /api/v1/auth/token-services HTTP/1.1

> User-Agent: curl/7.36.0

> Host: 172.31.10.167

> Accept: */*

> 

< HTTP/1.1 404 Not Found

< Date: Fri, 11 Jul 2014 20:18:09 GMT

* Server cisco-IOS is not blacklisted

< Server: cisco-IOS

< Connection: close

< Accept-Ranges: none

< 

404 Not Found

* Closing connection 0

 

 

(3) Running config

$ printf "term len 0\nsh run\n" | ssh -i .ssh/aptlivewest2.pem ec2-user@54.191.136.82

Pseudo-terminal will not be allocated because stdin is not a terminal.

 

ip-172-31-10-167#term len 0

ip-172-31-10-167#sh run

Building configuration...

 

Current configuration : 2704 bytes

!

version 15.4

service timestamps debug datetime msec

service timestamps log datetime msec

no platform punt-keepalive disable-kernel-core

platform console virtual

!

hostname ip-172-31-10-167

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!

!

!

!

!

!

!

!

 

 

 

!

!

!

!

!

!

!

!

!

!

subscriber templating

!

multilink bundle-name authenticated

!

crypto pki trustpoint TP-self-signed-1988170391

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-1988170391

 revocation-check none

 rsakeypair TP-self-signed-1988170391

!

!

crypto pki certificate chain TP-self-signed-1988170391

 certificate self-signed 01

  [SNIP!]

  quit

license udi pid CSR1000V sn 97FQ0HAJ0I0

!

username ec2-user privilege 15 secret 5 $1 [SNIP!]

!

redundancy

 mode none

!

!

!

!

!

!

ip ssh rsa keypair-name ssh-key

ip ssh version 2

ip ssh pubkey-chain

  username ec2-user

   key-hash ssh-rsa [SNIP!] aptlivewest2

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface VirtualPortGroup0

 ip unnumbered GigabitEthernet1

!

interface GigabitEthernet1

 ip address dhcp

 negotiation auto

!

!

virtual-service csr_mgmt

 vnic gateway VirtualPortGroup0

 activate

!

ip forward-protocol nd

!

no ip http server

ip http secure-server

ip route 172.31.4.51 255.255.255.255 VirtualPortGroup0

!

!

!

!

control-plane

!

!

line con 0

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

 login local

!

!

end

Everyone's tags (1)
453
Views
0
Helpful
0
Replies