Common Management Tasks with aXAPI

A10 Networks products with the Advanced Core Operating System (ACOS) technology include a comprehensive API infrastructure for system integrations and management. This API product is aXAPI, a RESTful web services-based interface providing DevOps and IT operations the capability to integrate seamlessly with existing management platforms.

aXAPI integrates with management automation systems like Ansible, Chef, Puppet and Jenkins or can be used directly with custom developed software. For more information read the article "aXAPI For Integration."

This article will provide direct programming examples of common management tasks including:

  1. Login to systems over the network
  2. Erase and reset systems to factory defaults while logged in
  3. Backup and restore system data and images
  4. Update network parameters like IP and DNS addresses and routing
  5. Query systems status for booted and loading status

The following examples will use Linux cURL scripts for simplicity.  These working examples can then be ported to any language or management environment.

Login

The following call will authenticate with a username and password.  The API then returns data in JSON format including a token in the signature field.  This token must be passed to all proceeding API calls.

/usr/bin/curl -k -s "https://$HOSTIP/axapi/v3/auth"   \
-H "Content-Type:application/json" \
-d '{
    "credentials": {
        "username": "admin",
        "password": "a10"
    }
}' > /tmp/out.json
sig=`cat /tmp/out.json | grep  ""signature"" | cut -f 2 -d ':' | sed 's/"//g' | sed 's/,//g'`
if [ "$sig" == "" ];
then
    echo "ERROR - Failed to login to ACOS device - exiting"
    exit
fi

The returned token string is parsed into the $sig variable to be used in succeeding API tasks.

System Backup

A critical function to perform is a system backup.  The following example instructs the A10 system to generate a package with system image and configuration, then use FTP to push the backup to a remote server.  Other protocols can be used including HTTP, SCP, SFTP and TFTP.

curl -k -s  -X POST      \
    "https://$HOSTIP/axapi/v3/backup/system" \
-H "Authorization: A10 $sig" \
-H "Content-Type:application/json"   \
-d "{
        "system":  {
            "remote-file":"ftp://backup@server.where.com/$BKPATH/$BKFILE",
            "password":"a102345"
        }
}" > /tmp/out.backup.json
x=`cat /tmp/out.backup.json | grep  ""status": "OK""`
if [ "$x" = "" ]
then
    echo "System Backup failed"
    cat /tmp/out.backup.json
else
    echo "System Backup successful [$BKPATH/$BKFILE]"
fi

Erase System

Erase sets the system configuration to a factory default state.  When re-deploying a system with an unknown state, best practices dictates performing an erase.  Logs and other usage history is cleared out along with all other configurations.

echo "Erase Configuration"
curl -k -s -X POST     \
    "https://$HOST/axapi/v3/erase" \
-H "Authorization: A10 $sig" \
-H "Content-Type:application/json"   \
-d '{
    "erase": {
        "preserve-management":0,
        "preserve-accounts":1,
        "reload":1
    }
}' > /tmp/out.json

The “preserve-management” is not enabled since it will be set to DHCP by default. 

“Reload” is enabled which will initiate a system reload (reboot).

NOTE: If an Erase is scripted, the script will need to pause and wait for the reboot to complete and the system to be ready.  Refer to the “Wait for System Ready” script below.

Restore System

The following will pull down a package backup file to the A10 system and restore the image and configurations.

curl -k -s  -X POST      \
    "https://$HOSTIP/axapi/v3/restore" \
-H "Authorization: A10 $sig" \
-H "Content-Type:application/json"   \
-d "{
        "restore":  {
            "remote-file":"ftp://root:12345@server.where.com/$BKPATH/$BKFILE"
         }
   }" > /tmp/out.restore.json
x=`cat /tmp/out.restore.json`
if [ "$x" == "" ]
then
    echo "System Restore successful [$BKPATH/$BKFILE]"
    echo "Need to reboot system to complete restore"
else
    echo "ERROR - System Restore failed [$BKPATH/$BKFILE]"
    cat /tmp/out.restore.json
fi
NOTE: Be aware that if the number of interfaces do not match between the target system and the backup package file, the network interfaces will have to be enabled and configured.

Reboot System

Send instruction to reboot the system.

NOTE: A system reboot is required after a restore.
curl -k -s -X POST      \
    "https://$HOSTIP/axapi/v3/reboot" \
-H "Authorization: A10 $sig" \
-H "Content-Type:application/json"  \
-d "{
        "reboot":  {
            "all":"0"
        }
}" > /tmp/out.reboot.json
#x=`cat /tmp/out.reboot.json | grep  ""status": "OK""`
x=`cat /tmp/out.reboot.json`
if [ "$x" == "" ]
then
    echo "System Reboot sucessful"
else
    echo "System Reboot failed"
    cat /tmp/out.reboot.json
fi

Wait for System Ready

When automating management tasks which require a reboot, it is necessary to query the system for boot completion and for the system to be in a ready state.  The following script would normally be run after a reboot.  Once this script completes, it releases the wait states and passes control to the next command.

#/usr/bin/bash
HOST="$1"
echo "Remote host [$HOST]"
echo "Polling the system for both booted and ready condition"
sleep 5
while [ 1 ]
do
    ##echo "Login to Thunder"
    curl -k -s "https://$HOST/axapi/v3/auth"   \
    -H "Content-Type:application/json" \
    -d '{
        "credentials": {
            "username": "admin",
            "password": "a10"
        }
    }' > /tmp/out.json
    x=`cat /tmp/out.json | grep  ""signature"" | cut -f 2 -d ':' | sed 's/"//g' | sed 's/,//g'`
    if [ "$x" = "" ]
    then
        echo "System not available, - waiting..."
        sleep 10
    else
        echo "System booted"
        break
    fi
done
while [ 1 ]
do
    ##echo "Login to Thunder"
    curl -k -s "https://$HOST/axapi/v3/auth"   \
    -H "Content-Type:application/json" \
    -d '{
        "credentials": {
            "username": "admin",
            "password": "a10"
        }
    }' > /tmp/out.json
    x=`cat /tmp/out.json | grep  ""signature"" | cut -f 2 -d ':' | sed 's/"//g' | sed 's/,//g'`
    curl -k -s      \
        "https://$HOST/axapi/v3/running-config" \
    -H "Authorization: A10 $x" \
    -H "Content-Type:application/json"   \
    -d '{
        "running-config": {
            "aflex": 0,
            "class-list": 0
        }
    }' > /tmp/out.json
    out=`cat /tmp/out.json | grep  "running-config" `
    if [ "$out" = "" ]
    then
        echo "Still loading, - waiting..."
        sleep 10
    else
        echo "System loaded"
        sleep 5
        break
    fi
done
exit

Configure DNS

The following API calls set the system DNS primary IP address and DNS suffix.

echo "Set Primary DNS Primary IP"
curl -s -k -X POST     \
    "https://$HOST/axapi/v3/ip/dns/primary" \
-H "Authorization: A10 $sig" \
-H "Content-Type:application/json"   \
-d "{
    "primary":
        "ip-v4-addr": ""$DNSIP""
    }
}" > /tmp/out.set_dns_primary.json
echo "Set DNS Suffix"
curl -s -k -X POST     \
    "https://$HOST/axapi/v3/ip/dns/suffix" \
-H "Authorization: A10 $sig" \
-H "Content-Type:application/json"   \
-d '{
    "suffix": {
        "domain-name": "what.com"
    }
}' > /tmp/out.set_dns_suffix.json