iControl 500 Can't connect

I am new to iControl so I figured I would download the windows iControl SDK version 11.1 and try to use the SystemServices.pl perl file to connect to our internal F5. I am running Strawberry Perl on a Win 7 64bit machine. When I run the following command: "install dir"\perl5.16.3 SystemServices.pl "host IP address" "host port" "Uid" "Pwd". I get the following error: 500 Can't connect to "host IP address":"host port" at SystemServices.pl line 82

Below is the script that I am running from the SDK, and Line 82 is the following line: $soapResponse = $soap->get_all_service_statuses();

Wondering if anyone can help with the error I am seeing! Also if I use a Web browser I can get to the following url with no issues: https://"host IP address":"host port"/iControl/iControlPortal.cgi?WSDL=System.Services

!/usr/bin/perl
----------------------------------------------------------------------------
 The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5
 Software Development Kit for iControl"; you may not use this file except in
 compliance with the License. The License is included in the iControl
 Software Development Kit.

 Software distributed under the License is distributed on an "AS IS"
 basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 the License for the specific language governing rights and limitations
 under the License.

 The Original Code is iControl Code and related documentation
 distributed by F5.

 The Initial Developer of the Original Code is F5 Networks,
 Inc. Seattle, WA, USA. Portions created by F5 are Copyright (C) 1996-2004 F5 Networks,
 Inc. All Rights Reserved.  iControl (TM) is a registered trademark of F5 Networks, Inc.

 Alternatively, the contents of this file may be used under the terms
 of the GNU General Public License (the "GPL"), in which case the
 provisions of GPL are applicable instead of those above.  If you wish
 to allow use of your version of this file only under the terms of the
 GPL and not to allow others to use your version of this file under the
 License, indicate your decision by deleting the provisions above and
 replace them with the notice and other provisions required by the GPL.
 If you do not delete the provisions above, a recipient may use your
 version of this file under either the License or the GPL.
----------------------------------------------------------------------------

use SOAP::Lite + trace => qw(method debug);
use SOAP::Lite;
use MIME::Base64;

BEGIN { push (@INC, ".."); }
use iControlTypeCast;

----------------------------------------------------------------------------
 Validate Arguments
----------------------------------------------------------------------------
my $sHost = $ARGV[0];
my $sPort = $ARGV[1];
my $sUID = $ARGV[2];
my $sPWD = $ARGV[3];
my $sProtocol = "https";

if ( ("80" eq $sPort) or ("8080" eq $sPort) )
{
    $sProtocol = "http";
}

if ( ($sHost eq "") or ($sPort eq "") or ($sUID eq "") or ($sPWD eq "") )
{
 die ("Usage: SystemServices.pl host port uid pwd\n");
}

----------------------------------------------------------------------------
 Transport Information
----------------------------------------------------------------------------
sub SOAP::Transport::HTTPS::Client::get_basic_credentials
{
   return "$sUID" => "$sPWD";
}

$soap = SOAP::Lite
   -> uri('urn:iControl:System/Services')
  -> proxy("$sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi");
eval { $soap->transport->https_request->header
(
  'Authorization' => 
     'Basic ' . MIME::Base64::encode("$sUID:$sPWD", '')
); };

&getServiceStatuses();

sub getServiceStatuses
{
    print "==========================================================\n";
   print "System Services\n";
  print "------------------\n";

   $soapResponse = $soap->get_all_service_statuses();
  if ( $soapResponse->fault )
 {
       my $faultcode = $soapResponse->faultcode;
       my $faultstring = $soapResponse->faultstring;
       $sshd_status = "FAULT : $faultcode : $faultstring";
 }
   else
    {
       my @ServiceStatusSeq = @{$soapResponse->result};
        foreach my $ServiceStatus (@ServiceStatusSeq)
       {
           $service = $ServiceStatus->{"service"};
         $status = $ServiceStatus->{"status"};

           print "$service : $status\n";
       }
   }
}

devops

iControl

13 Replies

Nick_125581
Nimbostratus
Aug 22, 2013
Joe, I got it to work. I had a typo in the SystemServices.pl from all the debugging I was doing. I tried a different script and realized where the issue was. So at the end the addition of

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}=0

did it and it now works! Thanks for all your help!
Joe_Pruitt
Aug 22, 2013
Awesome, glad to help...
paul_adomeit_70
Nimbostratus
Oct 02, 2013
Hi, I am having the exact same problem with the warnings about how setting PERL_LWP_SSL_VERIFY_HOSTNAME to 0 is being deprecated but got a little further along. I'm running Perl v5.16.3 64-bit on Win7 and LWP v6.04. I figured out a different way to at least make it so I can connect to our LTM's that all use self signed certificates without having to use that deprecated way. However, I don't think it is wise since I don't fully understand how the SSL connection is eventually created. I would love to know the right way to accomplish the same thing from the iControl Perl scripts I write without having to change files under the hood. I gather that LWP is used under the covers but could not figure out how to get my scripts to disable certificate checking they way most of the messages on the internet say to do it. So I found the specific file under \Perl\lib\LWP\Protocol\https.pm that handles the SSL part. Change the file so it's read/write and then go to line 14 in my case where the subroutine _extra_sock_opts starts. There is a line that says "$ssl_opts{$SSL_verify_mode} ||= 1". The warning message from above mentions SSL_verify_mode and I suspected that "verify_hostname" was passed from my iControl script and causes this part of the subroutine to execute. I figured I'd change that 1 to a 0 to hard code it, save the file and try it. It did work so I know the lever I need to change. Do you have any idea how I can modify my iControl scripts so LWP disables certificate checking the "right" way? I'm sure it's just a matter of setting some variable in my iControl script just the way LWP is expecting to see it. I've been reading but I believe this is currently way too far out of my Perl abilities.

-p

Forum Discussion

iControl 500 Can't connect

13 Replies

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

URL

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Azure DP-100 Exam Questions

Deploying F5 WAF in front of Azure Web App Services

Related Content

SPECIAL DevCentral Connects - on Basic iControl Security

iControl REST Authentication Token Management

Microsoft Powershell with iControl

iControl vs AS3

Securely connecting Kubernetes Microservices with F5 Distributed Cloud