Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
13 replies Latest Post - ‏2012-10-31T03:31:31Z by SystemAdmin
SystemAdmin
SystemAdmin
6772 Posts
ACCEPTED ANSWER

Pinned topic Trouble in making SOAP requests to IBM Datapower appliance (XI50)

‏2012-10-31T02:05:25Z |
Hello I am trying to make SOAP calls through curl command to the XML management Interface of the Datapower device, but unable to do so.

I am logged into the default domain of XI50 device and have the following settings for XML Management Interface as follows:
1. On the GUI navigate to Network -> Management -> XML Management Interface
2. Set The Admin State to enabled
3. Local IP address: 0.0.0.0
4. Port Number : 5550
5. Access Control List: xml-mgmt
6. Enabled Services: SOAP Configuration Management (checked)
AMP Endpoint (checked)

I make the following call:
curl -k -u username:password -d @get-status.xml https://Device IP:5550/service/mgmt/current -v

But get the following message:
  • About to connect() to Device IP port 5550 (#0)
  • Trying Device IP...
  • Connection timed out
  • couldn't connect to host
  • Closing connection #0
curl: (7) couldn't connect to host

The content of the get-status.xml file is:

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<dp:request domain="default"
xmlns:dp="http://www.datapower.com/schemas/management">
<dp:get-status class="CPUUsage"/>
</dp:request>
</env:Body>
</env:Envelope>

Can you please help me out and let me know if I am missing out anything obvious here?

Thanks a lot.
Updated on 2012-10-31T03:31:31Z at 2012-10-31T03:31:31Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

    ‏2012-10-31T02:10:29Z  in response to SystemAdmin
    Check show xml-mgmt on the appliance and I think you need to contact network team for checking the FW
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

    ‏2012-10-31T02:16:29Z  in response to SystemAdmin
    > 1. On the GUI navigate to Network -> Management -> XML Management Interface
    > 2. Set The Admin State to enabled
    > 3. Local IP address: 0.0.0.0
    > 4. Port Number : 5550
    > 5. Access Control List: xml-mgmt
    > 6. Enabled Services: SOAP Configuration Management (checked)

    You need to enable soma endpoint too..

    xi50# show xml-mgmt

    xml-mgmt up

    admin-state enabled
    ip-address 0.0.0.0
    port 5550
    acl xml-mgmt up
    slm-peering 10
    mode any+soma+v2004+amp+slm
    • SystemAdmin
      SystemAdmin
      6772 Posts
      ACCEPTED ANSWER

      Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

      ‏2012-10-31T02:32:20Z  in response to SystemAdmin
      Oh.. are you suggesting I need to enable SOAP Management URI, SOAP Configuration Management (v2004), SLM Endpoint too? But the document on XML Management(http://www.redbooks.ibm.com/redpapers/pdfs/redp4446.pdf) Suggests the following (on page 15/53):

      Important: Never activate the check box Enable any (*) SOAP Management URI.
      Activating it could lead to problems using SOAP Management (SOMA), because any
      URI is accepted by the device. What can happen is that the device uses the SOAP
      v2004 specifications instead of the current SOAP Management implementation, which
      might cause trouble with the requests sent to the box. For example, they could be
      rejected although they are valid.

      Thanks.
      • SystemAdmin
        SystemAdmin
        6772 Posts
        ACCEPTED ANSWER

        Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

        ‏2012-10-31T02:37:31Z  in response to SystemAdmin
        > deepti_ragha wrote:
        > Oh.. are you suggesting I need to enable SOAP Management URI, SOAP Configuration Management (v2004), SLM Endpoint too? But the document on XML Management(http://www.redbooks.ibm.com/redpapers/pdfs/redp4446.pdf) Suggests the following (on page 15/53):
        >
        > Important: Never activate the check box Enable any (*) SOAP Management URI.
        > Activating it could lead to problems using SOAP Management (SOMA), because any
        > URI is accepted by the device. What can happen is that the device uses the SOAP
        > v2004 specifications instead of the current SOAP Management implementation, which
        > might cause trouble with the requests sent to the box. For example, they could be
        > rejected although they are valid.

        v2004 is legacy URL mgmt/service/2004.You don't have to enable the Amp, but if you keep enabling other services there will not be any harm,
        mode any+soma+v2004+amp+slm ( I have enabled all services in my appliance).

        By doing so you will at least able to find if there is Firewall issue or not.
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

    ‏2012-10-31T02:27:00Z  in response to SystemAdmin
    Yes, that has been enabled too. I am not able to execute show xml-mgmt on the terminal but I can see it has been enabled through the GUI as seen in the attachment.
    • SystemAdmin
      SystemAdmin
      6772 Posts
      ACCEPTED ANSWER

      Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

      ‏2012-10-31T02:34:05Z  in response to SystemAdmin
      > deepti_ragha wrote:
      > Yes, that has been enabled too. I am not able to execute show xml-mgmt on the terminal but I can see it has been enabled through the GUI as seen in the attachment.

      You should be able to execute show xml-mgmt if you are privileged user.Since you are sending the request to default domain you need to have more than read access. I am not sure how your users have been set up via RBM or local.

      If you have enable SOMA service you should other errors apart from connection timeout.
      How you are firing the request? From linux server?
      • SystemAdmin
        SystemAdmin
        6772 Posts
        ACCEPTED ANSWER

        Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

        ‏2012-10-31T02:39:22Z  in response to SystemAdmin
        I am puzzled too, that I am unable to execute commands. But I have another account (different userid) in other domain(not default) and there I execute commands. May be I need to search around a little on why that is happening.

        I am executing the command from cygwin, could that cause any issue?
        • SystemAdmin
          SystemAdmin
          6772 Posts
          ACCEPTED ANSWER

          Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

          ‏2012-10-31T02:44:18Z  in response to SystemAdmin
          > deepti_ragha wrote:
          > I am puzzled too, that I am unable to execute commands. But I have another account (different userid) in other domain(not default) and there I execute commands. May be I need to search around a little on why that is happening.
          You need enabled the other services too like any,soma,etc etc too.

          xi50# show xml-mgmt

          xml-mgmt up
          --------
          admin-state enabled
          ip-address 0.0.0.0
          port 5550
          acl xml-mgmt up
          slm-peering 10
          mode any+soma+v2004+amp+slm
          xi50# co
          Global configuration mode
          xi50(config)# show xml-mgmt

          xml-mgmt up
          --------
          admin-state enabled
          ip-address 0.0.0.0
          port 5550
          acl xml-mgmt up
          slm-peering 10
          mode any+soma+v2004+amp+slm

          >
          > I am executing the command from cygwin, could that cause any issue?
          Unless your appliance in DMZ or behind FW the request should work
          • SystemAdmin
            SystemAdmin
            6772 Posts
            ACCEPTED ANSWER

            Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

            ‏2012-10-31T02:56:32Z  in response to SystemAdmin
            Still unable to execute the commands (says Unknown command or macro (co)).

            Tried enabling the services, but still facing the same issue.

            I am not sure if the appliance is behind the firewall (It is at a remote location). I tried doing a packet capture(through wireshark) while sending the request from my machine and could see 3 TCP SYN messages. I also ran a packet capture on the appliance through the web GUI by going to Control Panel -> Troubleshooting -> Packet Capture, but I couldnt see those requests here on the device. Does it all point to the appliance being behind the firewall?
            • SystemAdmin
              SystemAdmin
              6772 Posts
              ACCEPTED ANSWER

              Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

              ‏2012-10-31T03:12:12Z  in response to SystemAdmin
              > deepti_ragha wrote:
              > Still unable to execute the commands (says Unknown command or macro (co)).

              Your access is the problem. I have created a dummy user in my appliance and got the same error when I gave read access to default and and full access to developing domain.

              Unauthorized access prohibited.
              login: temp1
              *Password: *********
              xi52# show xml-mgmt
              Unknown command or macro (show xml-mgmt)
              xi52# co
              Unknown command or macro (co)
              xi52#

              Hope this helps,
              Kumar
              • SystemAdmin
                SystemAdmin
                6772 Posts
                ACCEPTED ANSWER

                Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

                ‏2012-10-31T03:19:18Z  in response to SystemAdmin
                Oh ok. Thanks a lot. Is this also the reason that I am unable to make SOAP calls?
                • SystemAdmin
                  SystemAdmin
                  6772 Posts
                  ACCEPTED ANSWER

                  Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

                  ‏2012-10-31T03:27:04Z  in response to SystemAdmin
                  > deepti_ragha wrote:
                  > Oh ok. Thanks a lot. Is this also the reason that I am unable to make SOAP calls?

                  If you don't have access you should get authentication error. The reason you are request timeout can be
                  1) You haven't enabled any,soma, etc etc services enabled.
                  2) FW is not open.

                  When you did packet you should be able to see the xml-request in the capture.
                  • SystemAdmin
                    SystemAdmin
                    6772 Posts
                    ACCEPTED ANSWER

                    Re: Trouble in making SOAP requests to IBM Datapower appliance (XI50)

                    ‏2012-10-31T03:31:31Z  in response to SystemAdmin
                    As per your suggestion I have enabled the any,soma services now. The packet capture does not show any xml requests on the appliance. Looks like the firewall issue. Thanks a lot for your inputs.