Foreman » Smart Proxy

h1. API

Foreman Smart Proxy provides a "REST":http://en.wikipedia.org/wiki/Representational_State_Transfer API, communicating via JSON.  For providers that take POST requests, some take form parameters as inputs (var=1&var=2), others may take JSON. Please refer to this document for latest information about Foreman Smart Proxy API.

_The API entries containing *variant* are only available in smart-proxy v2.0 and later._

h2. List of API's

|_.Path|_.REST Type|_.Description|_.Example Input |  

|

|_.FEATURES |

|/features|GET|List of features supported by the proxy||

|/version|GET|Proxy version||

|_.DHCP |

|/dhcp|GET|Retrieve a list of subnets||

|/dhcp/10.1.2.0|GET|Retrieve 10.1.2.0 subnets records||

|/dhcp/10.1.2.0/10.1.2.5|GET|Retrieve 10.1.2.5 reservation information ||

|/dhcp/10.1.2.0/unused_ip|GET|Provides an unused ip address in 10.1.2.0 subnet ||

|/dhcp/10.1.2.0|POST|creates new reservation in 10.1.2.0 subnet |@{"hostname":string, "name":string, "filename":string, "ip":string, "nextserver":string, "mac":string}@|

|/dhcp/10.1.2.0/10.1.2.5|DELETE|Deletes 10.1.2.5 reservation from 10.1.2.0 subnet||

|_.DNS |

|/dns/|POST|Create a new DNS record|@fqdn=hostname.example.com&value=192.168.1.1&type=A@|

|/dns/value|DELETE|remove value(ip or reverse) DNS record||

|_.TFTP |

|/tftp/00:11:22:33:44:55|POST|creates pxelinux configuration file for host with MAC address 00:11:22:33:44:55|@{"syslinux_config":string}@. Implicit variant of "syslinux"|

|/tftp/<variant>/00:11:22:33:44:55|POST|creates pxeconfig configuration file for host with MAC address 00:11:22:33:44:55|@{"pxeconfig":string}@. Variant can be "syslinux" or "pxegrub"|

|/tftp/00:11:22:33:44:55|DELETE|remove pxelinux configuration file for host with MAC address 00:11:22:33:44:55|Implicit variant of "syslinux"|

|/tftp/<variant>/00:11:22:33:44:55|DELETE|remove pxeconfig configuration file for host with MAC address 00:11:22:33:44:55|. Variant can be "syslinux" or "pxegrub"|

|/tftp/create_default|POST|creates a default pxelinux configuration file|@{"syslinux_config":string}@. Implicit variant of "syslinux" |

|/tftp/<variant>/create_default|POST|creates a default pxeconfig configuration file|@{"pxeconfig":string}@. Variant can be "syslinux" or "pxegrub"|

|/tftp/fetch_boot_file|POST|creates a default pxelinux configuration file|@{"prefix":string, "path":string}@|

|/tftp/serverName|GET|fetches the TFTP server name to be used within a dhcp record||

|_.PUPPET CA |

|/puppet/ca|GET| list of all puppet certificates ||

|/puppet/ca/certname|POST| Sign pending certificate request ||

|/puppet/ca/certname|DELETE| Remove (clean) and revoke a certificate ||

|/puppet/ca/autosign|GET| list of all puppet autosign entires ||

|/puppet/ca/autosign/certname|POST| Add certname to Puppet autosign ||

|/puppet/ca/autosign/certname|DELETE| Remove certname from Puppet autosign ||

|_.PUPPET |

|/puppet/run|POST| Trigger puppet run / kick|@["hostA", "hostB"]@|

|/puppet/environments |GET| list of all puppet environment names||

|/puppet/environments/production> |GET| show puppet production environment name and module paths||

|/puppet/environments/production/classes |GET| return a hash of puppet classes in the production environment|Puppet class parameters is supported from 1.1|

|_.BMC |

|/bmc/providers|GET|Get a list of supported BMC providers||

|/bmc/providers/installed|GET|Get a list of installed BMC providers||

|/bmc/:host|GET|returns host operations||

|/bmc/:host/chassis|GET|returns chassis operations||

|/bmc/:host/chassis/power/:action|GET|Gets the power status, does not change power, leave action blank for list of available actions||

|/bmc/:host/lan/:action|GET|Get bmc lan details, leave action blank for list of available actions||

|/bmc/:host/chassis/identify/:action|GET|gets chassis identify status, leave action blank for list of available actions||

|/bmc/:host/chassis/config/:function|GET|Get chassis config details, supports bootdevices, leave function blank for list of available functions||

|/bmc/:host/chassis/power/:action|PUT|Control the power of the bmc device, leave action blank for list of available functions| valid actions: on, off, cycle, soft|

|/bmc/:host/chassis/config/:function/:action|PUT|Set config of bios, currently supports bootdevice|valid actions: pxe, cdrom, bios, disk   valid options: reboot, persistent|

|/bmc/:host/chassis/identify/:action|PUT|controls the chassis identify light, leave action blank for available actions| actions: on, off|

|_.REALM |

| /realm/:realm | POST | Creates/Updates new realm entry. "Userclass" is an arbitrary data field.  Used by FreeIPA provider for automembership, and foreman passes the host group title. | @hostname=host.example.com&userclass=webservers@ |

| /realm/:realm | POST | Recreate realm entry (revokes keytab, etc) | @hostname=host.example.com&userclass=webservers&rebuild=true@ |

| /realm/:realm/:hostname | DELETE | Deletes new realm entry ||

Please raise a new issue if you need additional API's

h2. Manually Calling the API

The API can be manually tested out using curl.  GET types can be retrieved like any other URL.  This one, for example, will return the HTML formatted page with the list of features enabled on the proxy.

<pre>

curl http://localhost:8443/features

</pre>

The results can also be returned as JSON if you set an appropriate Accept header.

<pre>

curl -H "Accept: application/json" http://localhost:8443/features

</pre>

POST URLs, used to create objects or trigger actions, need to have the parameters passed in via the -d argument.  This curl command line will trigger a puppetrun on server.example.com.

<pre>

curl -d 'nodes=server.example.com' http://localhost:8443/puppet/run

</pre>

This curl command line will add an A record for server.example.com with ip address of 10.1.2.5.

<pre>

curl -d 'fqdn=servers.example.com&value=10.1.2.5&type=A' http://localhost:8443/dns/

</pre>

Multiple post options may be specified by repeating the -d argument.

<pre>

curl -d 'prefix=boot/CentOS-5-x86_64' -d 'path=http://yourlocalmirrorhere/pub/centos/5/os/x86_64/images/pxeboot/vmlinuz'  http://localhost:8443/tftp/fetch_boot_file

</pre>

When you are creating an object, the identifier for the object is typically passed in as part of the URL, rather than as a POST value.  For example, this will create a PXE boot configuration file for a host with MAC address 00:11:22:33:44:55, and will just put "Hello World" as the contents of the file.  (A real world example would, of course, substitute a valid PXE boot configuration in the string.)

<pre>

curl -d 'syslinux_config=Hello World' http://localhost:8443/tftp/00:11:22:33:44:55

</pre>

In order to delete objects, you use the same URL as in the original creation, but pass it not POST values, and use the DELETE HTTP method instead of POST.  This will delete the PXE boot configuration file created above.

<pre>

curl -X DELETE http://localhost:8443/tftp/00:11:22:33:44:55

</pre>

h2. BMC Controls 

Summary

The smart-proxy can now control BMC devices through the use of the IPMI protocol.  The smart proxy utilizes ipmitool and freeipmi to control your BMC devices through the network.  

h3. Prerequisites

In order to control the BMC device using the smart proxy you must perform the following actions:

1. Enable bmc support in the settings.yml file

2. Install rubyipmi gem, 

3. Install freeipmi, and/or ipmitool either from source or package

4. The bmc device must be setup on the network with login credentials

5. Smart proxy must be able to reach the bmc device through the network

h3. Using Parameters with the BMC API

1. When using the bmc api, you must send the credentials of the bmc device using Http Basic Authorization

2. If you wish to override the default bmc provider for a particular BMC device please specify in the http parameter (bmc_provider) Valid options are ipmitool and freeipmi

3. Some api calls have optional parameters, leaving the action blank on some api calls will return valid actions and options.

h3. BMC Security

Its important to note that at this time the bmc api does not encrypt your credentials.  Your credentials are sent in the clear to the smart proxy and then used on the command line to execute the local command.

In order to achieve some level of security it is important that your smart proxy use https.  Using https will ensure that your credentials are sent via the encrypted https channel.  Additionally, by default the bmc api 

will never expose your credentials to prying eyes via logs or process checks.  The local bmc commands will be run with the credentials placed in a random file which is deleted upon every call and cannot be opened

by any other user.

[[Draft 2.0 version of DNS API]]