nagios – HP MSA 2312 XML API“未经授权的访问请求”

我正在尝试编写一个自定义Nagios插件来通过HTTP XML API监控HP MSA2312fc.我可以通过/ api / login / {login_hash}成功登录系统,但在尝试获取某些数据时(即通过/ api / show / system),始终会收到错误“未经授权的访问请求”.我在不同的MSA上尝试过这些命令,但总是出现同样的错误.

# Successful login
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RESPONSE>
<OBJECT basetype="status" name="status" oid="1">
    <PROPERTY name="response-type">success</PROPERTY>
    <PROPERTY name="response-type-numeric">0</PROPERTY>
    <PROPERTY name="response">deb9b907d11459757af645bd859e01aa</PROPERTY>
    <PROPERTY name="return-code">1</PROPERTY>
</OBJECT>
</RESPONSE>

# Error
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RESPONSE>
<OBJECT basetype="status" name="status" oid="1">
    <PROPERTY name="response-type">error</PROPERTY>
    <PROPERTY name="response-type-numeric">1</PROPERTY>
    <PROPERTY name="response">Unauthorized access requested</PROPERTY>
    <PROPERTY name="return-code">6</PROPERTY>
</OBJECT>
</RESPONSE>

我已经可以通过XMl API成功监控HP MSA P2000 G3而没有任何问题.

我正在使用Python 2作为插件.附件是用于登录和从MSA P2000 G3读取数据的相关代码:

import hashlib
import urllib2
from xml.etree import ElementTree

# Log into MSA
def msa_login(hostname, username, password):
    def create_login_hash(username, password):
        login_string = "{0}_{1}".format(username, password)
        return hashlib.md5(login_string).hexdigest()

    login_hash = create_login_hash(username, password)
    url_login = "http://{0}/api/login/{1}".format(hostname, login_hash)
    req_login = urllib2.Request(url_login)
    response_login = urllib2.urlopen(req_login)
    #print(response_login.read())
    login = ElementTree.parse(response_login).getroot()

    # Get sessionid
    for property in login.findall('./OBJECT/PROPERTY'):
        if property.attrib['name'] == 'response-type' and property.text != 'success':
            print("CRITICAL - Couldn't login to MSA")
            exit(NAGIOS_CRITICAL)

        if property.attrib['name'] == 'response':
            return property.text


# Read system data
def parse_system(hostname, sessionid):
    url_system = "http://{0}/api/show/system".format(hostname)
    req_system = urllib2.Request(url_system)
    req_system.add_header('sessionKey', sessionid)
    response_system = urllib2.urlopen(req_system)
    system = ElementTree.parse(response_system).getroot()
    [...] # parsing data

有人可以给我一个暗示,为什么我总是收到未经授权的消息?或者有一个有效的代码片段?我知道Telnet有一个XML API模式,但我不想出于各种原因使用它.

最佳答案
您需要在标头中发送Cookie:

Key Value
Cookie  wbisessionkey=ee7426964a6d14788ba86f77764733bf; wbiusername=monitoruser

像这样的东西(代码未测试):

cookie = "wbiusername={0}; wbisessionkey={1}".format(username,sessionid);
req_system.add_header('Cookie', cookie);

转载注明原文:nagios – HP MSA 2312 XML API“未经授权的访问请求” - 代码日志