Application program interface (API) on MM

Why do we need API ?

For Aruba’s 6.x code versions, automation was not easy as CLI use to change over the time and WEBUI was not easily automatable.

WebUI used CLIs to communicate to the backend, which was hard coded and not easily extensible. The show commands of the configuration used to be displayed from different apps in their own proprietary formats. These apps maintained the config presented to them in their own proprietary structures and the show command output was not consistent across apps.
So, if outputs changed over the course of time, the scripts also had to change, as these outputs weren’t generated in a structured format.
Therefore, using GET and SET in a structured format for all configuration was the main requirement of implementing the JSON model.

STRUCTURED DATA – SCHEMA & DATA

The main reasons for providing JSON interface is that all the config now can be GET and SET using structured data APIs.
Structured data means that all the data is organized in a structure format (there can be many structures) but all elements belonging to one data type follow the same data model. This is achieved by separating schema from data.
Schema is a data model representation (in JSON format), which tells the user as to how to interpret the data.
It lists complete detail on each and every parameter or token that a particular config element can take – like it’s type (integer, character, string, IP address, IPv6 address, MAC address etc), min and max values, default value (when the user doesn’t give any value) etc.
Data is the representation of the config state of the controller in JSON format. It arranges the data in the same order as the schema and can be interpreted as schema tells it to be interpreted.

Rest API

What is REST ?

Rest is Representational State Transfer that can be modified or viewed using resources on the server without performing any server-side operations. Client requests a resource from the server and the server sends back the response.
REST is stateless, cacheable and secure.
It uses HTTP/HTTPS for communication and Application development is not tied with server-side

Response of REST calls will have a status code

Success Status code

200 – OK – Everything is working
201 – OK – New resource has been created
204 – OK – The resource was successfully deleted
304 – Not Modified – The client can use cached data

Error status code:

400 – Bad Request – The request was invalid or cannot be served.
401 – Unauthorized – The request requires an user authenticatio
403 – Forbidden – The server understood the request, but is refusing it or the access is not allowed.
404 – Not found – There is no resource behind the URI.
422 – Un-processable Entity – Should be used if the server cannot process the entity
500 – Internal Server Error

Types of API’s:

a) Configuration APIs (REST API)
b) Context APIs (NBAPIs)

a) Configuration APIs (REST API)

GUI view on how it looks

GET:

Now let’s check the same GET Option for an object (HT_SSID_PROF) using CLI
Before executing GET/SET commands, we need to login to the controller:


LOGIN:

[arubasupport@ANSHUL_CPPM_SRV ~]$curl –insecure -c “aruba-cookie” -d “username=admin&password=aruba123” https://10.17.164.11:4343/v1/api/login {“_global_result”: {“status”:”0″, “status_str”: “You’ve logged in successfully.”, “UIDARUBA”:”2bf89edb-5208-48d9-b916-bb2fa759c26a”}}

LOGOUT:

[arubasupport@ANSHUL_CPPM_SRV ~]$ curl –insecure -c “aruba-cookie” https://10.17.164.11:4343/v1/api/logout {“_global_result”: {“status”:”0″, “status_str”: “You’ve been logged out successfully.”, “UIDARUBA”:”(null)”}}

The –insecure (or -k) option can be used with the curl command if the certificate of the Mobility Master cannot be validated.

curl -k -b “aruba-cookie” -X GET –header “Accept: application/json” https://10.17.164.11/v1/configuration/object/ht_ssid_prof?config_path=%2Fmd&UIDARUBA=d0e5e419-ea8a-423e-9c5d-1144b4b6cb30

{
“_data”: {
“ht_ssid_prof”: [
{
“profile-name”: “default”,
“_flags”: {
“inherited”: true,
“default”: true
},
“ssid_ht_enable”: {
“_present”: true,
“_flags”:      
<OUTPUT SNIPPED>

SET/POST:

Posting a Virtual AP Profile:

curl -k -b “aruba-cookie” -X POST –header “Content-Type: application/json” –header “Accept: application/json” -d “{
“profile-name”: “curl_test”,
“aaa_prof”: {
“profile-name”: “default”
},
“vap_enable”: {},
“vlan”: {
“vlan”: “1”
},
“forward_mode”: {
“forward_mode”: “tunnel”
},
“ssid_prof”: {
“profile-name”: “default”
}
}” “https://10.17.164.11:4343/v1/configuration/object/virtual_ap?config_path=%2Fmd&UIDARUBA=db5f35eb-e3ed-4722-8aee-db8ec6b4ccf7&#8221;

OUTPUT

{
“virtual_ap”: {
“profile-name”: “curl_test”,
“aaa_prof”: {
“profile-name”: “default”,
“_result”: {
“status”: 0,
“status_str”: “”
}
},
“vap_enable”: {
“_result”: {
“status”: 0,
“status_str”: “”
}

…<skipped mid data and continued to final section>

},
“_result”: {
“status”: 0,
“status_str”: “”
}
},
“_global_result”: {
“status”: 0,
“status_str”: “Success”,
“_pending”: false
}

Creating a new role using .TXT file:


We need to create a .txt file in linux and save it to the required path,

To create a .txt file,



[arubasupport@ANSHUL_CPPM_SRV ~]$ echo “{
“rname”: “string”,
“role__acl”: {
“acl_type”: “eth”,
“pname”: “string”,
“loc”: “string”,
“prio”: 0
},
“role__reauth”: {
“seconds”: true,
“reauthperiod”: 0
}
}” > sample1.txt

We have ECHOED the ROLE INFO in a text file called sample1.txt

OUTPUT

[arubasupport@ANSHUL_CPPM_SRV ~]$ cat sample1.txt
{
“rname”: “curltest”,
“role__reauth”: {
“seconds”: true,
“reauthperiod”: 20
},
“role__acl”: [
{
“acl_type”: “session”,
“pname”: “captiveportal”
},
{
“acl_type”: “session”,
“pname”: “logon-control”
}
]

Here we can see the txt file is created

curl -k -b “aruba-cookie” -X POST -i “https://10.17.164.11/v1/configuration/object/role?config_path=%2Fmd&UIDARUBA=e27d21f7-0806-4021-8ae6-e512152c8a82&#8221; -d @sample1.txt

HTTP/1.1 200 OK
Date: Mon, 13 Feb 2017 19:16:48 GMT
Server: Apache
Expires: 0
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge;IE=11;IE=10;IE=9
Expires: 0
Set-Cookie: SESSION=e27d21f7-0806-4021-8ae6-e512152c8a82; path=/;;Secure;
Content-Length: 719
Content-Type: application/json
{
“role”: {
“rname”: “curltest”,
“role__reauth”: {
“seconds”: true,
“reauthperiod”: 20,
“_result”: {
……….
“_global_result”: {
“status”: 0,
“status_str”: “Success”,
“_pending”: 1

GET/POST information to lower hierarchal design:

Configuration node hierarchy

/md/Anshul-MD/local-device/00:1a:1e:02:1b:60  Device  Aruba7220

curl -k -b “aruba-cookie” -X POST –header “Content-Type: application/json” –header “Accept: application/json” “https://10.17.164.11/v1/configuration/object/write_memory?config_path=%2Fmd%2FAnshul-MD%2Flocal-device%2F00%3A1a%3A1e%3A02%3A1b%3A60&UIDARUBA=420f39f2-b332-4c98-a0ab-341826102a23″

Write Memory:

curl -k -b “aruba-cookie” -X POST –header “Content-Type: application/json” –header “Accept: application/json” “https://10.17.164.11/v1/configuration/object/write_memory?config_path=%2Fmd&UIDARUBA=aba2f089-80cb-42f9-9cab-034e0ba4d57b”

{
“write_memory”: {
“_result”: {
“status”: 0,
………..
“status”: 0,
“status_str”: “Success”,
“_pending”: false
}

Using “show” command APIs:
SHOW AP DATABASE

curl -k -b aruba-cookie -X GET –ihttps://10.17.164.11:4343/v1/configuration/showcommand?command=show+ap+database&UIDARUBA=420f39f2-b332-4c98-a0ab-341826102a23″

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 19:37:58 GMT
Server: Apache
Expires: 0
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge;IE=11;IE=10;IE=9
Expires: 0
Set-Cookie: SESSION=420f39f2-b332-4c98-a0ab-341826102a23; path=/;;Secure;
  Content-Length: 1240
Content-Type: application/json{

“AP Database”: [
{
“AP Type”: “225”,
“Flags”: null,
“Group”: “New-Test-API”,
“IP Address”: “10.17.170.126”,
“Name”: “225-rep”,
“Standby IP”: “0.0.0.0”,
“Status”: “Up 8m:0s”,
“Switch IP”: “10.17.170.106”
},
{
“AP Type”: “225”,
“Flags”: null,
“Group”: “New-Test”,
“IP Address”: “10.17.170.125”,
“Name”: “225-test-MM”,
“Standby IP”: “0.0.0.0”,
“Status”: “Up 19d:11h:11m:1s”,
“Switch IP”: “10.17.170.106”

    }

 ],=
“_data”: [

“Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed”,

“I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch”,
“X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping”,
“R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;”,
“c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2”,
“u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP”,
“i = Indoor; o = Outdoor”,
<OUTPUT SNIPPED>

Posting Multiple Objects in One-Go

curl -k -b “aruba-cookie” -X POST –header “Content-Type: application/json” –header “Accept: application/json” -d “{
“aaa_prof”: {
“profile-name”: “aaa-curl”,
“default_user_role”: {
“role”: “authenticated“
},
“dot1x_auth_profile”: {
“profile-name”: “default-psk“
}
},
“ssid_prof”: {
“profile-name”: “ssid-curl”,
“ssid_enable”: {},
“essid”: {
“essid”: “ess-curl“


},
“write_memory”: {}
}” “https://10.17.164.111:4343/v1/configuration/object/?config_path=%2Fmd&UIDARUBA=bb34c35e-d3ea-444e-ab61-9b6b2e5e48f0&#8221;

b) Context APIs (NBAPIs)

Explained here

References:

ARUBA EMEA AIRHEADS – The content of this blog is from my training presentation to the Aruba EMEA Partners.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: