F5OS-A 1.0.0 - System GUI¶
Feature Overview¶
The F5OS-A software has an API driven graphical user interface (GUI) for managing the platform. There is a single level of management for managing the platform and tenant deployments and this document is specific to the graphical interface for that management.
Feature deeper overview¶
The GUI is the frontend interface and it communicates to the ConfD core configuration engine to visualize the system’s configuration and statistics. For more details on the architecture of the GUI, please refer to the “Architecture” section at the end. The F5OS GUI is based on the BIG-IQ GUI and is supported on Google Chrome, Mozilla Firefox and Edge browsers.
When first connecting to the GUI, the default username and password is “admin/admin”. Once you have successfully logged in, you will be required to change the default password.
This is the screenshot of the landing page, called dashboard, aftersuccessful login:
The dashboard is a quick overview of your system; in specific it shows the system summary, including interfaces available, basic hardware information such as drive size, product, OS version and CPUs; as well as the tenants configured on the system and their associated status and management addresses.
The GUI pages are loaded as a docker container when the system starts. The name of the container is “vanquish-gui”, based on the codename for the product. In this example we display the GUI container:
GUI container¶
[root@appliance-1 ~]# docker ps | grep gui
175839a25766 localhost:2000/vanquish-gui:1.25.0-f5os-a-1-0-0-candidate.2021-12-02-13-50-29.S041249d3 "bash /usr/local/b..." 12 days ago Up 12 days
vanquish-gui
[root@appliance-1 ~]#
The GUI application usessingle-page React JS to create the pages and gather the details. However it needs an HTTP server to serve those pages back to the user. The GUI uses another container that has its own HTTP server running. Below is the container that runs the HTTP server:
GUI HTTP Server Container¶
[root@appliance-1 ~]# docker ps | grep http
42c52f254c4b localhost:2000/http-server:1.11.1 "/root/daemon_setu..." 12 days ago Up 12 days
http-server
[root@appliance-1 ~]#
The HTTP server binds to the same source volume as the GUI but in read-only mode. That way the GUI container manages the pages but the HTTP server is responsible for serving them:
[root@appliance-1 ~]# docker container inspect vanquish-gui
...
"Mounts": [
{
"Type": "volume",
"Name": "config_vanquish-gui-volume",
"Source": "/var/lib/docker/volumes/config_vanquish-gui-volume/_data",
"Destination": "/app/build",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
}
...
"Volumes": {
"/app/build": {}
},
...
[root@appliance-1 ~]#
[root@appliance-1 ~]# docker container inspect http-server
...
"Mounts": [
...
{
"Type": "volume",
"Name": "config_vanquish-gui-volume",
"Source": "/var/lib/docker/volumes/config_vanquish-gui-volume/_data",
"Destination": "/var/www/html",
"Driver": "local",
"Mode": "ro",
"RW": false,
"Propagation": ""
},
...
"Config": {
...
"Volumes": {
"/config/f5_public": {},
"/etc/auth-config": {},
"/tmp/download": {},
"/tmp/upload": {},
"/var/F5/fips": {},
"/var/F5/partition/IMAGES": {},
"/var/F5/partition/configs": {},
"/var/F5/partition/log": {},
"/var/F5/system": {},
"/var/confd/log": {},
"/var/core": {},
"/var/crash": {},
"/var/export/chassis/import": {},
"/var/import/staging": {},
"/var/log/httpd": {},
"/var/shared": {},
"/var/system/httpd": {},
"/var/www/html": {}
},
...
[root@appliance-1 ~]#
Important Note
As you may have noticed above, the HTTP server binds to /tmp/upload and /tmp/download for uploading and downloading files.
In case the GUI requires troubleshooting, you need to check the http-server logs while the http-server container is actively serving the GUI pages. More details on the New/Updated Logs section.
On the left side of GUI at login, there is a side bar menu. Below you can find a table describing each menu item in the side bar and the content and the actions you will find on each page.
High Level UI Screen Inventory for System GUI:
| Screen | Example Content/Actions | | Dashboard | Read-only details of:* Tenant deployments/health
Alarms
Logged in users? | | Tenant Management - Tenant Images | * List Tenant images
Import/Remove Tenant images | | Tenant Management - Tenant Deployments | Deploy and manage cBIP tenants | | Tenant Management - Tenant Details | View tenant configuration details (system level) such as image used, mgmt IP, etc
View tenant status | | Network Settings - Port Groups | Manage the physical optical port settings | | Network Settings - Port Mappings | View ports on the device and their status
Show port mappings and pipelines (FPGA setup) | | Network Settings - Interfaces | Configure the settings for the populated interfaces | | Network Settings - LAGs | Configure LAGs (aggregated interfaces) | | Network Settings - Interface Statistics | View current interface statistics | | Network Settings - VLANs | Configure VLANs that can be used by the interfaces and ultimately the tenants | | Network Settings - VLAN Listeners | Display system configured VLAN listeners | | Network Settings - LACP Details | View system LACP stats | | Network Settings - LLDP Configuration | * Enable/disable LLDP
Configure LLDP settings for the system | | Network Settings - LLDP Details | * View LLDP state information
View interface LLDP stats
View LLDP neighbor information | | Network Settings - STP Configuration | Configure system STP type and associated settings | | Network Settings - STP Details | View STP state information and status/stats | | System Settings - Alarm & Events | * List active alarms
View Event logs | | System Settings - Management Interface | * Change management interface configuration and network settings
View management interface statistics | | System Settings - Software Management | * Import and manage system software images
View import status
Upgrade software version | | System Settings - DNS | * Configure system DNS lookup servers
Configure system DNS search domains | | System Settings - Log Settings | * Configure remote logging servers
Change logging levels | | System Settings - File Utilities | Export files from the system | | System Settings - Time Settings | Configure use of NTP service
Add/delete/list NTP Servers
Change timezone
Manually set date/time | | System Settings - Certificate Management | * Manage TLS certificates
Generate self-signed certificate
Generate CSR | | System Settings - System Reports | * Generate/manage QKViews
Upload QKViews to iHealth
View iHealth uploads | | System Settings - Configuration Backup | Create/delete system configuration backups | | System Settings - Licensing | View license details
Activate/reactivate system license | | System Settings - General | * Configure hostname
Change MOTD banner
Enable/disable Appliance Mode | | User Management - Auth Settings | * Configure local/remote authentication (LDAP/RADIUS/TACACS+)
Change password policy | | User Management - Server Groups | Configure LDAP/RADIUS/TACACS+ server groups | | User Management - Users | Add/Edit/List users
Change user Roles |
Customer use case example¶
An administrator will use the GUI to manage the system and deploy tenants.
GUI Screen Shots¶
Dashboard¶
Tenant Images¶
Management Interface¶
Software Management¶
Alarms and Events¶
System Reports¶
New / Updated logs¶
As mentioned earlier if you have to troubleshoot the GUI, you may want to start looking at the logs from the http-server container. This is because the http-server container is the front end between the user and the rSeries platform. This container is configured to run httpd and log errors and access details to files in the directory**/var/log/httpd/**on the host. While you can docker exec into the container, and may need to if you see no logs written to /var/log/httpd/, you should be able to view the files directly on the host.
This is the list of logs files available in the http-server container:
http-server log location¶
[root@appliance-1 ~]# cd /var/log/httpd/
[root@appliance-1 ~]# ls -ltr
total 4848
-rw-r--r--. 1 root root 1716 Dec 10 00:28 ssl_error_log
-rw-r--r--. 1 root root 8399 Dec 10 00:28 error_log
-rw-r--r--. 1 root root 4097098 Dec 20 23:24 access_log
-rw-r--r--. 1 root root 467314 Dec 20 23:24 ssl_request_log
-rw-r--r--. 1 root root 360998 Dec 20 23:24 ssl_access_log
[root@appliance-1 ~]#
In case you have troubles with the GUI, after checking that the two containers “vanquish-gui” and “http-server” are up and running, you can view the http-server errors with the following command:
View http-server error_log¶
[root@appliance-1 ~]# cat /var/log/httpd/error_log
[Wed Dec 08 22:04:54.073712 2021] [suexec:notice] [pid 27] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Dec 08 22:04:54.074123 2021] [ssl:warn] [pid 27] AH01902: Host 100.65.6.2:8888: X.509 CRL storage locations configured, but CRL checking (SSLCARevocationCheck) is not enabled
[Wed Dec 08 22:04:54.074153 2021] [ssl:warn] [pid 27] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:54.074162 2021] [ssl:warn] [pid 27] AH01909: RSA certificate configured for 100.65.6.2:8888 does NOT include an ID which matches the server name
[Wed Dec 08 22:04:54.090713 2021] [auth_digest:notice] [pid 28] AH01757: generating secret for digest authentication ...
[Wed Dec 08 22:04:54.091720 2021] [lbmethod_heartbeat:notice] [pid 28] AH02282: No slotmem from mod_heartmonitor
[Wed Dec 08 22:04:54.092164 2021] [ssl:warn] [pid 28] AH01902: Host 100.65.6.2:8888: X.509 CRL storage locations configured, but CRL checking (SSLCARevocationCheck) is not enabled
[Wed Dec 08 22:04:54.092195 2021] [ssl:warn] [pid 28] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:54.092205 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:8888 does NOT include an ID which matches the server name
[Wed Dec 08 22:04:54.094007 2021] [mpm_prefork:notice] [pid 28] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2q-fips configured -- resuming normal operations
[Wed Dec 08 22:04:54.094020 2021] [core:notice] [pid 28] AH00094: Command line: '/usr/sbin/httpd'
[Wed Dec 08 22:04:56.114488 2021] [mpm_prefork:notice] [pid 28] AH00173: SIGHUP received. Attempting to restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 100.65.6.2. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 08 22:04:56.131370 2021] [auth_digest:notice] [pid 28] AH01757: generating secret for digest authentication ...
[Wed Dec 08 22:04:56.131836 2021] [lbmethod_heartbeat:notice] [pid 28] AH02282: No slotmem from mod_heartmonitor
[Wed Dec 08 22:04:56.132249 2021] [ssl:warn] [pid 28] AH01902: Host 100.65.6.2:8888: X.509 CRL storage locations configured, but CRL checking (SSLCARevocationCheck) is not enabled
[Wed Dec 08 22:04:56.132278 2021] [ssl:warn] [pid 28] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:56.132288 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:8888 does NOT include an ID which matches the server name
[Wed Dec 08 22:04:56.133998 2021] [mpm_prefork:notice] [pid 28] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2q-fips configured -- resuming normal operations
[Wed Dec 08 22:04:56.134010 2021] [core:notice] [pid 28] AH00094: Command line: '/usr/sbin/httpd'
[Wed Dec 08 22:11:43.291216 2021] [mpm_prefork:notice] [pid 28] AH00173: SIGHUP received. Attempting to restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 100.65.6.2. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 08 22:11:43.316942 2021] [auth_digest:notice] [pid 28] AH01757: generating secret for digest authentication ...
[Wed Dec 08 22:11:43.317559 2021] [lbmethod_heartbeat:notice] [pid 28] AH02282: No slotmem from mod_heartmonitor
[Wed Dec 08 22:11:43.317975 2021] [ssl:warn] [pid 28] AH01902: Host 100.65.6.2:8888: X.509 CRL storage locations configured, but CRL checking (SSLCARevocationCheck) is not enabled
[Wed Dec 08 22:11:43.318022 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:8888 does NOT include an ID which matches the server name
[Wed Dec 08 22:11:43.319765 2021] [mpm_prefork:notice] [pid 28] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2q-fips configured -- resuming normal operations
[Wed Dec 08 22:11:43.319777 2021] [core:notice] [pid 28] AH00094: Command line: '/usr/sbin/httpd'
[Wed Dec 08 22:12:30.260094 2021] [mpm_prefork:notice] [pid 28] AH00173: SIGHUP received. Attempting to restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 100.65.6.2. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 08 22:12:30.276523 2021] [auth_digest:notice] [pid 28] AH01757: generating secret for digest authentication ...
[Wed Dec 08 22:12:30.276991 2021] [lbmethod_heartbeat:notice] [pid 28] AH02282: No slotmem from mod_heartmonitor
[Wed Dec 08 22:12:30.277394 2021] [ssl:warn] [pid 28] AH01902: Host 100.65.6.2:8888: X.509 CRL storage locations configured, but CRL checking (SSLCARevocationCheck) is not enabled
[Wed Dec 08 22:12:30.277442 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:8888 does NOT include an ID which matches the server name
[Wed Dec 08 22:12:30.279291 2021] [mpm_prefork:notice] [pid 28] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2q-fips configured -- resuming normal operations
[Wed Dec 08 22:12:30.279303 2021] [core:notice] [pid 28] AH00094: Command line: '/usr/sbin/httpd'
[Wed Dec 08 22:24:40.525068 2021] [mpm_prefork:notice] [pid 28] AH00173: SIGHUP received. Attempting to restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 100.65.6.2. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 08 22:24:40.548320 2021] [auth_digest:notice] [pid 28] AH01757: generating secret for digest authentication ...
[Wed Dec 08 22:24:40.548784 2021] [lbmethod_heartbeat:notice] [pid 28] AH02282: No slotmem from mod_heartmonitor
[Wed Dec 08 22:24:40.549213 2021] [ssl:warn] [pid 28] AH01902: Host 100.65.6.2:8888: X.509 CRL storage locations configured, but CRL checking (SSLCARevocationCheck) is not enabled
[Wed Dec 08 22:24:40.549263 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:8888 does NOT include an ID which matches the server name
[Wed Dec 08 22:24:40.551239 2021] [mpm_prefork:notice] [pid 28] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2q-fips configured -- resuming normal operations
[Wed Dec 08 22:24:40.551253 2021] [core:notice] [pid 28] AH00094: Command line: '/usr/sbin/httpd'
[Thu Dec 09 18:06:18.651968 2021] [mpm_prefork:notice] [pid 28] AH00173: SIGHUP received. Attempting to restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 100.65.6.2. Set the 'ServerName' directive globally to suppress this message
[Thu Dec 09 18:06:18.675872 2021] [auth_digest:notice] [pid 28] AH01757: generating secret for digest authentication ...
[Thu Dec 09 18:06:18.676333 2021] [lbmethod_heartbeat:notice] [pid 28] AH02282: No slotmem from mod_heartmonitor
[Thu Dec 09 18:06:18.676738 2021] [ssl:warn] [pid 28] AH01902: Host 100.65.6.2:8888: X.509 CRL storage locations configured, but CRL checking (SSLCARevocationCheck) is not enabled
[Thu Dec 09 18:06:18.676784 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:8888 does NOT include an ID which matches the server name
[Thu Dec 09 18:06:18.678699 2021] [mpm_prefork:notice] [pid 28] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2q-fips configured -- resuming normal operations
[Thu Dec 09 18:06:18.678712 2021] [core:notice] [pid 28] AH00094: Command line: '/usr/sbin/httpd'
[Fri Dec 10 00:28:15.634139 2021] [mpm_prefork:notice] [pid 28] AH00173: SIGHUP received. Attempting to restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 100.65.6.2. Set the 'ServerName' directive globally to suppress this message
[Fri Dec 10 00:28:15.652911 2021] [auth_digest:notice] [pid 28] AH01757: generating secret for digest authentication ...
[Fri Dec 10 00:28:15.653368 2021] [lbmethod_heartbeat:notice] [pid 28] AH02282: No slotmem from mod_heartmonitor
[Fri Dec 10 00:28:15.653779 2021] [ssl:warn] [pid 28] AH01902: Host 100.65.6.2:8888: X.509 CRL storage locations configured, but CRL checking (SSLCARevocationCheck) is not enabled
[Fri Dec 10 00:28:15.653831 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:8888 does NOT include an ID which matches the server name
[Fri Dec 10 00:28:15.655703 2021] [mpm_prefork:notice] [pid 28] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2q-fips configured -- resuming normal operations
[Fri Dec 10 00:28:15.655720 2021] [core:notice] [pid 28] AH00094: Command line: '/usr/sbin/httpd'
[root@appliance-1 ~]#
Or for SSL errors:
View http-server ssl_error_log¶
[root@appliance-1 ~]# cat /var/log/httpd/ssl_error_log
[Wed Dec 08 22:04:54.074285 2021] [ssl:warn] [pid 27] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:54.074294 2021] [ssl:warn] [pid 27] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:04:54.092327 2021] [ssl:warn] [pid 28] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:54.092333 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:04:56.132408 2021] [ssl:warn] [pid 28] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:56.132414 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:11:43.318153 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:12:30.277572 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:24:40.549398 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Thu Dec 09 18:06:18.676925 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Fri Dec 10 00:28:15.653968 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[root@appliance-1 ~]#
The same output will appear with the docker exec command:
[root@appliance-1 ~]# docker exec -it http-server cat /var/log/httpd/ssl_error_log
[Wed Dec 08 22:04:54.074285 2021] [ssl:warn] [pid 27] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:54.074294 2021] [ssl:warn] [pid 27] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:04:54.092327 2021] [ssl:warn] [pid 28] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:54.092333 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:04:56.132408 2021] [ssl:warn] [pid 28] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 08 22:04:56.132414 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:11:43.318153 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:12:30.277572 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Wed Dec 08 22:24:40.549398 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Thu Dec 09 18:06:18.676925 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[Fri Dec 10 00:28:15.653968 2021] [ssl:warn] [pid 28] AH01909: RSA certificate configured for 100.65.6.2:443 does NOT include an ID which matches the server name
[root@appliance-1 ~]#
Expected / Possible Problems¶
See Known Issues section below.
Known Issues¶
The following are known issues at the time of release of F5OS-A v1.0.0:
Browser caching is known to be overly aggressive and on update/upgrade can cause false data to be displayed:bugtracker ID1067765
Troubleshooting Tips¶
The GUI is a container, and it uses other containers to read the details and provide authentication. It is important to understand if the “vanquish-gui” is the source of you problem or if the problem resides somewhere else.
One of the first steps you would need to follow is to make sure that the restconf interface is up, running and responding. One way to do this is just to perform a restconf query, similar to the following:
Check if restconf is running¶
user1@test_machine ~ % curl -k -X GET -H "Accept: application/yang-data+json" -u admin:<password>https://<ipAddress>:8888/restconf/; echo
{"ietf-restconf:restconf":{"data":{},"operations":{},"yang-library-version":"2016-06-21"}}
user1@test_machine ~ %
This will validate that the restconf is responding and the login is correct.
Next step is to validate the authentication manager. The “vanquish-gui” application requires the “X-Auth-Token” after the login to retrieve information about the group id assigned to the user. The “X-Auth-Token” is provided at successful login. If missing, the problem is probably to be in the container “authentication-mgr” and not in the “vanquish-gui” container. You would need to start debugging the “authentication-mgr” container. This is an example of how to verify if the token is provided back:
Validate authentication¶
user1@test_machine~ % curl --head -k -X GET -u admin:<password>https://<ipAddress>/api/
HTTP/1.1 200 OK
Date: Wed, 21 Oct 2020 08:19:48 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2q-fips
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Content-Length: 157
Content-Type: application/yang-data+xml
Vary: Accept-Encoding
X-Auth-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRoaW5mbyI6ImFkbWluIDEwMDAgOTAwMCAvdG1wIiwidXNlcmluZm8iOiJhZG1pbiAxMjcuMC4wLjEgMzg4NTAgcmVzdCBodHRwIiwicmVuZXdsaW1pdCI6NSwiZXhwIjoxNjAzMjY5Mjg4fQ.ILWgvB6hT7baqR41xxRKks5bfpCiSR_tqNvMNwm4LJA
Pragma: no-cache
user1@test_machine~ %
Architecture¶
As part of the GUI login process, authentication is required and the mechanisms for this interaction are described in the diagrams below.
Data FlowDiagram - Communication with Apache server is shown in colored rectangle boxes¶
Part of the above data flow requires an auth token which is provided after the basic auth, noted as the ‘(2) Token is sent in the response’. The following two diagrams illustrate at a high level the authentication interactions:
Initial credentials are passed using basic auth to get JWT token which has a limited lifetime. Upon expiry, the user is prompted to enter credentials again since it is not stored in the GUI.