BIG-IPのRest API

  • 9
    いいね
  • 0
    コメント
この記事は最終更新日から1年以上が経過しています。

BIG-IPのAPIを調べてみたので、メモしておく。

使えそうなマニュアルはこれあたりか。

Ver11.5以上じゃないとRest APIは対応していない。
Ver11.4以前だとSOAPベースだと思われる。

https://x.x.x.x/mgmt/tm/net/
https://x.x.x.x/mgmt/tm/ltm/
で公開しているAPIのURL一覧が取得可能。(LB周りの設定は後者がメイン)

Bae64形式でのユーザ名、パスワード指定が可能。(セキュリティ的にはあんまり意味ないと思うけど。)

BIG-IPで利用可能なAPIざっくり一覧

$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/net/ | python -m json.
tool
{
    "items": [
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/cos?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/fdb?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/ipsec?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/rate-shaping?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/tunnels?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/arp?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/bwc-policy?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/dns-resolver?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/interface?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/lldp-globals?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/ndp?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/packet-filter?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/packet-filter-trusted?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/port-mirror?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/route?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/route-domain?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/router-advertisement?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/self?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/self-allow?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/stp?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/stp-globals?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/trunk?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/vlan?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/vlan-group?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/net/wccp?ver=11.5.1"
            }
        }
    ],
    "kind": "tm:net:netcollectionstate",
    "selfLink": "https://localhost/mgmt/tm/net?ver=11.5.1"
}
$ curl -sk -sk -H "Authorization: Basic xxxxxxxxxxxxxx"  https://x.x.x.x/mgmt/tm/ltm | python -m json.tool
{
    "items": [
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/auth?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/data-group?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/dns?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/global-settings?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/html-rule?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/message-routing?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/monitor?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/persistence?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/profile?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/default-node-monitor?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/ifile?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/nat?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/node?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/policy?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/policy-strategy?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/pool?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/rule?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/snat?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/snat-translation?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/snatpool?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/traffic-class?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/virtual?ver=11.5.1"
            }
        },
        {
            "reference": {
                "link": "https://localhost/mgmt/tm/ltm/virtual-address?ver=11.5.1"
            }
        }
    ],
    "kind": "tm:ltm:ltmcollectionstate",
    "selfLink": "https://localhost/mgmt/tm/ltm?ver=11.5.1"
}

LTM関連(LB設定周り)のAPI一覧

/mgmt/tm/ltm/self で自身の設定情報の確認が可能
/mgmt/tm/ltm/node でNode情報の一覧を取得
/mgmt/tm/ltm/pool でpool情報の一覧を取得
/mgmt/tm/ltm/virtual-address でVIP情報の一覧を取得

$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/net/self | python -m j
son.tool
{
    "items": [
        {
            "address": "172.26.0.241/24",
            "allowService": [
                "default"
            ],
            "floating": "disabled",
            "fullPath": "/Common/internal",
            "generation": 377,
            "inheritedTrafficGroup": "false",
            "kind": "tm:net:self:selfstate",
            "name": "internal",
            "partition": "Common",
            "selfLink": "https://localhost/mgmt/tm/net/self/~Common~internal?ver=11.5.1",
            "trafficGroup": "/Common/traffic-group-local-only",
            "unit": 0,
            "vlan": "/Common/internal"
        },
        {
            "address": "158.205.142.253/27",
            "floating": "disabled",
            "fullPath": "/Common/external",
            "generation": 30,
            "inheritedTrafficGroup": "false",
            "kind": "tm:net:self:selfstate",
            "name": "external",
            "partition": "Common",
            "selfLink": "https://localhost/mgmt/tm/net/self/~Common~external?ver=11.5.1",
            "trafficGroup": "/Common/traffic-group-local-only",
            "unit": 0,
            "vlan": "/Common/external"
        },
        {
            "address": "158.205.142.254/27",
            "floating": "enabled",
            "fullPath": "/Common/external_floating",
            "generation": 1,
            "inheritedTrafficGroup": "false",
            "kind": "tm:net:self:selfstate",
            "name": "external_floating",
            "partition": "Common",
            "selfLink": "https://localhost/mgmt/tm/net/self/~Common~external_floating?ver=11.5.1",
            "trafficGroup": "/Common/traffic-group-1",
            "unit": 1,
            "vlan": "/Common/external"
        }
    ],
    "kind": "tm:net:self:selfcollectionstate",
    "selfLink": "https://localhost/mgmt/tm/net/self?ver=11.5.1"
}

BIG-IPにRestAPIで実際に設定してみる

IP設定

BIG-IPのexternal vlanにIPアドレス 1.1.1.1 を設定してみる。
(Vlan "external"は予め設定されている必要がある。)

$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/net/self/ -H 'Content-Type: application/json' -X POST -d '{"name":"test-selfip","address":"1.1.1.1/24","vlan":"external"}'

Node追加

testdescriptionという名前の192.168.0.1というNodeを登録してみる。

$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/ltm/node -H 'Content-Type: application/json' -X POST -d '{"address": "192.168.0.1","description": "testdescription","name": "testname"}'

{"kind":"tm:ltm:node:nodestate","name":"testname","fullPath":"testname","generation":36,"selfLink":"https://localhost/mgmt/tm/ltm/node/testname?ver=11.5.1","address":"192.168.0.1","connectionLimit":0,"description":"testdescription","dynamicRatio":1,"logging":"disabled","monitor":"default","rateLimit":"disabled","ratio":1,"session":"monitor-enabled","state":"checking"}[

Poolへのmember追加

"~Common~pool_hogehoge"は既に存在しているpool名を入力、nameには先ほど作成したNodeを指定。

$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/ltm/pool/~Common~pool_hogehoge/members -H 'Content-Type: application/json' -X POST -d '{"name": "testname:80"}'

{"kind":"tm:ltm:pool:members:membersstate","name":"testname:514","fullPath":"testname:514","generation":38,"selfLink":"https://localhost/mgmt/tm/ltm/pool/~Common~pool_hogehoge/members/testname:80?ver=11.5.1"}

設定のSync

curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/cm -H 'Content-Type: application/json' -X POST -d '{"command":"run","utilCmdArgs":"config-sync to-group device-group1"}'

削除

MethodをDELETEに変える。JSON等での引数は不要。

Poolのmember削除

curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx==" -X DELETE https://x.x.x.x/mgmt/tm/ltm/pool/~Common~pool_hogehoge/members/~Common~testname:514

Node削除

curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx==" -X DELETE https://x.x.x.x/mgmt/tm/ltm/node/~Common~testname

設定のSync

curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx==" https://x.x.x.x/mgmt/tm/cm -H 'Content-Type: application/json' -X POST -d '{"command":"run","utilCmdArgs":"config-sync to-group device-group1"}'