API » History » Version 27
Corey Osman, 03/20/2015 01:10 PM
1 | 1 | Ohad Levy | h1. API |
---|---|---|---|
2 | |||
3 | 20 | Stephen Benjamin | Foreman Smart Proxy provides a "REST":http://en.wikipedia.org/wiki/Representational_State_Transfer API, communicating via JSON. For providers that take POST requests, some take form parameters as inputs (var=1&var=2), others may take JSON. Please refer to this document for latest information about Foreman Smart Proxy API. |
4 | 1 | Ohad Levy | |
5 | 10 | Paul Kelly | _The API entries containing *variant* are only available in smart-proxy v2.0 and later._ |
6 | 1 | Ohad Levy | |
7 | h2. List of API's |
||
8 | |||
9 | 20 | Stephen Benjamin | |_.Path|_.REST Type|_.Description|_.Example Input | |
10 | | |
||
11 | 1 | Ohad Levy | |_.FEATURES | |
12 | |/features|GET|List of features supported by the proxy|| |
||
13 | 9 | Ohad Levy | |/version|GET|Proxy version|| |
14 | 1 | Ohad Levy | |_.DHCP | |
15 | |/dhcp|GET|Retrieve a list of subnets|| |
||
16 | |/dhcp/10.1.2.0|GET|Retrieve 10.1.2.0 subnets records|| |
||
17 | |/dhcp/10.1.2.0/10.1.2.5|GET|Retrieve 10.1.2.5 reservation information || |
||
18 | |/dhcp/10.1.2.0/unused_ip|GET|Provides an unused ip address in 10.1.2.0 subnet || |
||
19 | 5 | Frank Sweetser | |/dhcp/10.1.2.0|POST|creates new reservation in 10.1.2.0 subnet |@{"hostname":string, "name":string, "filename":string, "ip":string, "nextserver":string, "mac":string}@| |
20 | 1 | Ohad Levy | |/dhcp/10.1.2.0/10.1.2.5|DELETE|Deletes 10.1.2.5 reservation from 10.1.2.0 subnet|| |
21 | |_.DNS | |
||
22 | 20 | Stephen Benjamin | |/dns/|POST|Create a new DNS record|@fqdn=hostname.example.com&value=192.168.1.1&type=A@| |
23 | 1 | Ohad Levy | |/dns/value|DELETE|remove value(ip or reverse) DNS record|| |
24 | |_.TFTP | |
||
25 | 10 | Paul Kelly | |/tftp/00:11:22:33:44:55|POST|creates pxelinux configuration file for host with MAC address 00:11:22:33:44:55|@{"syslinux_config":string}@. Implicit variant of "syslinux"| |
26 | |/tftp/<variant>/00:11:22:33:44:55|POST|creates pxeconfig configuration file for host with MAC address 00:11:22:33:44:55|@{"pxeconfig":string}@. Variant can be "syslinux" or "pxegrub"| |
||
27 | |/tftp/00:11:22:33:44:55|DELETE|remove pxelinux configuration file for host with MAC address 00:11:22:33:44:55|Implicit variant of "syslinux"| |
||
28 | |/tftp/<variant>/00:11:22:33:44:55|DELETE|remove pxeconfig configuration file for host with MAC address 00:11:22:33:44:55|. Variant can be "syslinux" or "pxegrub"| |
||
29 | |/tftp/create_default|POST|creates a default pxelinux configuration file|@{"syslinux_config":string}@. Implicit variant of "syslinux" | |
||
30 | |/tftp/<variant>/create_default|POST|creates a default pxeconfig configuration file|@{"pxeconfig":string}@. Variant can be "syslinux" or "pxegrub"| |
||
31 | 5 | Frank Sweetser | |/tftp/fetch_boot_file|POST|creates a default pxelinux configuration file|@{"prefix":string, "path":string}@| |
32 | 8 | Ohad Levy | |/tftp/serverName|GET|fetches the TFTP server name to be used within a dhcp record|| |
33 | 1 | Ohad Levy | |_.PUPPET CA | |
34 | |/puppet/ca|GET| list of all puppet certificates || |
||
35 | 7 | Ohad Levy | |/puppet/ca/certname|POST| Sign pending certificate request || |
36 | |/puppet/ca/certname|DELETE| Remove (clean) and revoke a certificate || |
||
37 | 1 | Ohad Levy | |/puppet/ca/autosign|GET| list of all puppet autosign entires || |
38 | |/puppet/ca/autosign/certname|POST| Add certname to Puppet autosign || |
||
39 | |/puppet/ca/autosign/certname|DELETE| Remove certname from Puppet autosign || |
||
40 | |_.PUPPET | |
||
41 | 5 | Frank Sweetser | |/puppet/run|POST| Trigger puppet run / kick|@["hostA", "hostB"]@| |
42 | 12 | Ohad Levy | |/puppet/environments |GET| list of all puppet environment names|| |
43 | |/puppet/environments/production> |GET| show puppet production environment name and module paths|| |
||
44 | 13 | Ohad Levy | |/puppet/environments/production/classes |GET| return a hash of puppet classes in the production environment|Puppet class parameters is supported from 1.1| |
45 | 15 | Corey Osman | |_.BMC | |
46 | 16 | Corey Osman | |/bmc/providers|GET|Get a list of supported BMC providers|| |
47 | |/bmc/providers/installed|GET|Get a list of installed BMC providers|| |
||
48 | |/bmc/:host|GET|returns host operations|| |
||
49 | |/bmc/:host/chassis|GET|returns chassis operations|| |
||
50 | 19 | Daniel Lobato Garcia | |/bmc/:host/chassis/power/:action|GET|Gets the power status, does not change power, leave action blank for list of available actions|| |
51 | 18 | Corey Osman | |/bmc/:host/lan/:action|GET|Get bmc lan details, leave action blank for list of available actions|| |
52 | 1 | Ohad Levy | |/bmc/:host/chassis/identify/:action|GET|gets chassis identify status, leave action blank for list of available actions|| |
53 | |/bmc/:host/chassis/config/:function|GET|Get chassis config details, supports bootdevices, leave function blank for list of available functions|| |
||
54 | |/bmc/:host/chassis/power/:action|PUT|Control the power of the bmc device, leave action blank for list of available functions| valid actions: on, off, cycle, soft| |
||
55 | |/bmc/:host/chassis/config/:function/:action|PUT|Set config of bios, currently supports bootdevice|valid actions: pxe, cdrom, bios, disk valid options: reboot, persistent| |
||
56 | 16 | Corey Osman | |/bmc/:host/chassis/identify/:action|PUT|controls the chassis identify light, leave action blank for available actions| actions: on, off| |
57 | 20 | Stephen Benjamin | |_.REALM | |
58 | | /realm/:realm | POST | Creates/Updates new realm entry. "Userclass" is an arbitrary data field. Used by FreeIPA provider for automembership, and foreman passes the host group title. | @hostname=host.example.com&userclass=webservers@ | |
||
59 | | /realm/:realm | POST | Recreate realm entry (revokes keytab, etc) | @hostname=host.example.com&userclass=webservers&rebuild=true@ | |
||
60 | | /realm/:realm/:hostname | DELETE | Deletes new realm entry || |
||
61 | 15 | Corey Osman | |
62 | 1 | Ohad Levy | |
63 | Please raise a new issue if you need additional API's |
||
64 | 4 | Frank Sweetser | |
65 | h2. Manually Calling the API |
||
66 | |||
67 | The API can be manually tested out using curl. GET types can be retrieved like any other URL. This one, for example, will return the HTML formatted page with the list of features enabled on the proxy. |
||
68 | |||
69 | 1 | Ohad Levy | <pre> |
70 | curl http://localhost:8443/features |
||
71 | </pre> |
||
72 | |||
73 | 14 | Michael Coulter | The results can also be returned as JSON if you set an appropriate Accept header. |
74 | |||
75 | <pre> |
||
76 | curl -H "Accept: application/json" http://localhost:8443/features |
||
77 | </pre> |
||
78 | |||
79 | 1 | Ohad Levy | POST URLs, used to create objects or trigger actions, need to have the parameters passed in via the -d argument. This curl command line will trigger a puppetrun on server.example.com. |
80 | <pre> |
||
81 | curl -d 'nodes=server.example.com' http://localhost:8443/puppet/run |
||
82 | 11 | Michael Coulter | </pre> |
83 | |||
84 | This curl command line will add an A record for server.example.com with ip address of 10.1.2.5. |
||
85 | <pre> |
||
86 | curl -d 'fqdn=servers.example.com&value=10.1.2.5&type=A' http://localhost:8443/dns/ |
||
87 | 5 | Frank Sweetser | </pre> |
88 | |||
89 | 22 | Johan Sunnerstig | This curl command line will remove the A record added above. |
90 | <pre> |
||
91 | curl -XDELETE http://localhost:8443/dns/servers.example.com |
||
92 | </pre> |
||
93 | |||
94 | 5 | Frank Sweetser | Multiple post options may be specified by repeating the -d argument. |
95 | <pre> |
||
96 | curl -d 'prefix=boot/CentOS-5-x86_64' -d 'path=http://yourlocalmirrorhere/pub/centos/5/os/x86_64/images/pxeboot/vmlinuz' http://localhost:8443/tftp/fetch_boot_file |
||
97 | </pre> |
||
98 | |||
99 | When you are creating an object, the identifier for the object is typically passed in as part of the URL, rather than as a POST value. For example, this will create a PXE boot configuration file for a host with MAC address 00:11:22:33:44:55, and will just put "Hello World" as the contents of the file. (A real world example would, of course, substitute a valid PXE boot configuration in the string.) |
||
100 | |||
101 | <pre> |
||
102 | curl -d 'syslinux_config=Hello World' http://localhost:8443/tftp/00:11:22:33:44:55 |
||
103 | </pre> |
||
104 | |||
105 | In order to delete objects, you use the same URL as in the original creation, but pass it not POST values, and use the DELETE HTTP method instead of POST. This will delete the PXE boot configuration file created above. |
||
106 | |||
107 | <pre> |
||
108 | 1 | Ohad Levy | curl -X DELETE http://localhost:8443/tftp/00:11:22:33:44:55 |
109 | </pre> |
||
110 | 16 | Corey Osman | |
111 | h2. BMC Controls |
||
112 | |||
113 | Summary |
||
114 | The smart-proxy can now control BMC devices through the use of the IPMI protocol. The smart proxy utilizes ipmitool and freeipmi to control your BMC devices through the network. |
||
115 | |||
116 | h3. Prerequisites |
||
117 | |||
118 | In order to control the BMC device using the smart proxy you must perform the following actions: |
||
119 | |||
120 | 1. Enable bmc support in the settings.yml file |
||
121 | 2. Install rubyipmi gem, |
||
122 | 3. Install freeipmi, and/or ipmitool either from source or package |
||
123 | 4. The bmc device must be setup on the network with login credentials |
||
124 | 5. Smart proxy must be able to reach the bmc device through the network |
||
125 | |||
126 | h3. Using Parameters with the BMC API |
||
127 | |||
128 | 1. When using the bmc api, you must send the credentials of the bmc device using Http Basic Authorization |
||
129 | 2. If you wish to override the default bmc provider for a particular BMC device please specify in the http parameter (bmc_provider) Valid options are ipmitool and freeipmi |
||
130 | 3. Some api calls have optional parameters, leaving the action blank on some api calls will return valid actions and options. |
||
131 | |||
132 | 17 | Corey Osman | h3. BMC Security |
133 | 16 | Corey Osman | |
134 | Its important to note that at this time the bmc api does not encrypt your credentials. Your credentials are sent in the clear to the smart proxy and then used on the command line to execute the local command. |
||
135 | In order to achieve some level of security it is important that your smart proxy use https. Using https will ensure that your credentials are sent via the encrypted https channel. Additionally, by default the bmc api |
||
136 | will never expose your credentials to prying eyes via logs or process checks. The local bmc commands will be run with the credentials placed in a random file which is deleted upon every call and cannot be opened |
||
137 | by any other user. |
||
138 | 6 | Brian Gupta | |
139 | 23 | Corey Osman | h3. Examples |
140 | |||
141 | returns boolean if the power is off (Note this only occurs when using GET |
||
142 | <pre> |
||
143 | curl -vks --data 'bmc_provider=freeipmi' 'http://127.0.0.1:8443/bmc/192.168.1.16/chassis/power/off' -X GET -u admin:password => {"action":"off","result":true} |
||
144 | </pre> |
||
145 | |||
146 | returns status when the power is turned off (Note this only occurs when using PUT) |
||
147 | <pre> |
||
148 | curl -vks --data 'bmc_provider=freeipmi' 'http://127.0.0.1:8443/bmc/192.168.1.16/chassis/power/off' -X PUT -u admin:password => {"action":"off","result":"192.168.1.16: ok\n"} |
||
149 | </pre> |
||
150 | |||
151 | if you can't remember the basic bmc api actions you just leave things blank and the proxy will try to help you out. |
||
152 | <pre> |
||
153 | curl -vks --data 'bmc_provider=freeipmi' 'http://127.0.0.1:8443/bmc/192.168.1.16/chassis' -X GET -u admin:password => {"actions":["power","identify","config"]} |
||
154 | </pre> |
||
155 | |||
156 | 24 | Corey Osman | h4. Troubleshooting |
157 | 27 | Corey Osman | In these examples you will notice that I have turned off SSL which you should never do in a production environment, but this is a short lived development machine. |
158 | 26 | Corey Osman | If you have some weird BMC issue you can have a look at the log if your using the latest smart proxy >= 1.9. Starting with Rubyipmi 0.9.0 it will now generate a logs with all the commands and responses it runs. |
159 | 24 | Corey Osman | <pre> |
160 | curl -vks --data 'bmc_provider=freeipmi' 'http://127.0.0.1:8443/bmc/192.168.1.16/chassis/power/off' -X GET -u admin:password => {"action":"off","result":true} |
||
161 | D, [2015-03-10T16:12:57.328430 #68510] DEBUG -- : /usr/local/sbin/ipmipower --hostname=192.168.1.16 --stat --config-file=/var/folders/h6/v6nv76td37s7vqj902_z59kh0000gn/T/20150310-68510-w3rw89 |
||
162 | D, [2015-03-10T16:12:57.694174 #68510] DEBUG -- : "/usr/local/sbin/ipmipower --hostname=192.168.1.16 --stat --config-file=/var/folders/h6/v6nv76td37s7vqj902_z59kh0000gn/T/20150310-68510-w3rw89 --driver-type=LAN_2_0" |
||
163 | D, [2015-03-10T16:12:57.694256 #68510] DEBUG -- : 192.168.1.16: off |
||
164 | </pre> |
||
165 | |||
166 | 27 | Corey Osman | If you just want to test your connection to see if your BMC device works with the provided information you can now use one of the new API commands named "test". What this is doing in the background is running a bmc info command and if that |
167 | command fails it returns false. You can view the logs to see why it failed. In a later release we will detail what caused the test to fail. |
||
168 | 24 | Corey Osman | <pre> |
169 | 27 | Corey Osman | # good password |
170 | curl -vks --data 'bmc_provider=freeipmi' 'http://127.0.0.1:8443/bmc/192.168.1.16/test' -X GET -u admin:password |
||
171 | {"action":"test","result":true} |
||
172 | # bad password |
||
173 | curl -vks --data 'bmc_provider=freeipmi' 'http://127.0.0.1:8443/bmc/192.168.1.16/test' -X GET -u admin:bad_password |
||
174 | {"action":"test","result":false} |
||
175 | 24 | Corey Osman | </pre> |
176 | |||
177 | 6 | Brian Gupta | [[Draft 2.0 version of DNS API]] |
178 | 21 | Stephen Benjamin | |
179 | h3. Realm API |
||
180 | |||
181 | Draft design: http://projects.theforeman.org/projects/foreman/wiki/RealmJoinIntegration |
||
182 | |||
183 | h4. New Host |
||
184 | |||
185 | The FreeIPA returns the raw XMLRPC JSON when creating a host, however the only relevant key is "randompassword." Any other Realm providers at a minimum should return an OTP for a new host. |
||
186 | |||
187 | Example full output from FreeIPA: |
||
188 | |||
189 | <pre> |
||
190 | { |
||
191 | "dn": "fqdn=hostname.example.com,cn=computers,cn=accounts,dc=example,dc=com", |
||
192 | "fqdn": [ |
||
193 | "hostname.example.com" |
||
194 | ], |
||
195 | "has_keytab": false, |
||
196 | "has_password": true, |
||
197 | "ipauniqueid": [ |
||
198 | "5f5d467c-9fce-11e3-bcca-525400d17cb3" |
||
199 | ], |
||
200 | "managedby_host": [ |
||
201 | "hostname.example.com" |
||
202 | ], |
||
203 | "objectclass": [ |
||
204 | "ipaSshGroupOfPubKeys", |
||
205 | "ipaobject", |
||
206 | "ieee802device", |
||
207 | "nshost", |
||
208 | "top", |
||
209 | "ipaservice", |
||
210 | "pkiuser", |
||
211 | "ipahost", |
||
212 | "ipasshhost" |
||
213 | ], |
||
214 | "randompassword": "_i7@PhgpAnjn" |
||
215 | } |
||
216 | </pre> |
||
217 | |||
218 | h4. Update Host |
||
219 | |||
220 | * "rebuild=true" is passed for any host being rebuilt in order to know whether to revoke any outstanding certificates, etc. A new randompassword should be issued. |
||
221 | |||
222 | * Foreman also triggers an update if the "userclass" is being updated. You should not return a new one-time password for this, only update the attribute (if desired) and return 200. If nothing needs to be updated, you should return resposen 200 and this JSON |
||
223 | |||
224 | <pre> |
||
225 | {"message" => "nothing to do"} |
||
226 | </pre> |
||
227 | |||
228 | h4. Delete a host |
||
229 | |||
230 | The Smart Proxy will return 404 if not found, 400 for any other error. |