Command Line Certificate Login
You can use certificate-based authentication with tools such as curl
or wget
to access the VCH Admin log server.
With TLS Client Authentication
If you deployed the VCH with client authentication by using --tls-cname
or by specifying a static IP address on the client network, you can point curl
to the cert.pem
and key.pem
files for the VCH. The following example authenticates connections to the port-layer.log
file.
curl https://vch_address:2378/logs/port-layer.log --key ./cert_folder/key.pem --certificate ./cert_folder/cert.pem
NOTE: If your certificates are self-signed, you might also need to specify the curl -k
flag.
In the example above, cert_folder is either of the following locations:
- The folder with the same name as the VCH, in the directory from which you ran
vic-machine create
. - A folder that you specified in the
vic-machine create --cert-path
option.
Without Client Authentication
If you deployed the VCH without client authentication by using either of --no-tls
or --no-tlsverify
, you can use curl to access the logs but you must first authenticate connections to VCH Admin by using the vSphere username and password.
Log in to VCH Admin to gather an authentication cookie for subsequent access:
curl -sk https://vch_address:2378/authentication -XPOST -F username=vsphere_username -F password=vsphere_password -D cookies_file
Use the cookie from Step 1 in a
curl
command to access the logs.curl -sk https://vch_address:2378/logs/port-layer.log -b cookies_file