BIG-IPのAPIを調べてみたので、メモしておく。
使えそうなマニュアルはこれあたりか。
Ver11.5以上じゃないとRest APIは対応していない。
Ver11.4以前だとSOAPベースだと思われる。
https://x.x.x.x/mgmt/tm/net/
https://x.x.x.x/mgmt/tm/ltm/
で公開しているAPIのURL一覧が取得可能。(LB周りの設定は後者がメイン)
Bae64形式でのユーザ名、パスワード指定が可能。(セキュリティ的にはあんまり意味ないと思うけど。)
BIG-IPで利用可能なAPIざっくり一覧
$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/net/ | python -m json.
tool
{
"items": [
{
"reference": {
"link": "https://localhost/mgmt/tm/net/cos?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/fdb?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/ipsec?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/rate-shaping?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/tunnels?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/arp?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/bwc-policy?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/dns-resolver?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/interface?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/lldp-globals?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/ndp?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/packet-filter?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/packet-filter-trusted?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/port-mirror?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/route?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/route-domain?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/router-advertisement?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/self?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/self-allow?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/stp?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/stp-globals?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/trunk?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/vlan?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/vlan-group?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/net/wccp?ver=11.5.1"
}
}
],
"kind": "tm:net:netcollectionstate",
"selfLink": "https://localhost/mgmt/tm/net?ver=11.5.1"
}
$ curl -sk -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/ltm | python -m json.tool
{
"items": [
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/auth?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/data-group?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/dns?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/global-settings?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/html-rule?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/message-routing?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/monitor?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/persistence?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/profile?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/default-node-monitor?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/ifile?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/nat?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/node?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/policy?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/policy-strategy?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/pool?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/rule?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/snat?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/snat-translation?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/snatpool?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/traffic-class?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/virtual?ver=11.5.1"
}
},
{
"reference": {
"link": "https://localhost/mgmt/tm/ltm/virtual-address?ver=11.5.1"
}
}
],
"kind": "tm:ltm:ltmcollectionstate",
"selfLink": "https://localhost/mgmt/tm/ltm?ver=11.5.1"
}
LTM関連(LB設定周り)のAPI一覧
/mgmt/tm/ltm/self で自身の設定情報の確認が可能
/mgmt/tm/ltm/node でNode情報の一覧を取得
/mgmt/tm/ltm/pool でpool情報の一覧を取得
/mgmt/tm/ltm/virtual-address でVIP情報の一覧を取得
$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/net/self | python -m j
son.tool
{
"items": [
{
"address": "172.26.0.241/24",
"allowService": [
"default"
],
"floating": "disabled",
"fullPath": "/Common/internal",
"generation": 377,
"inheritedTrafficGroup": "false",
"kind": "tm:net:self:selfstate",
"name": "internal",
"partition": "Common",
"selfLink": "https://localhost/mgmt/tm/net/self/~Common~internal?ver=11.5.1",
"trafficGroup": "/Common/traffic-group-local-only",
"unit": 0,
"vlan": "/Common/internal"
},
{
"address": "158.205.142.253/27",
"floating": "disabled",
"fullPath": "/Common/external",
"generation": 30,
"inheritedTrafficGroup": "false",
"kind": "tm:net:self:selfstate",
"name": "external",
"partition": "Common",
"selfLink": "https://localhost/mgmt/tm/net/self/~Common~external?ver=11.5.1",
"trafficGroup": "/Common/traffic-group-local-only",
"unit": 0,
"vlan": "/Common/external"
},
{
"address": "158.205.142.254/27",
"floating": "enabled",
"fullPath": "/Common/external_floating",
"generation": 1,
"inheritedTrafficGroup": "false",
"kind": "tm:net:self:selfstate",
"name": "external_floating",
"partition": "Common",
"selfLink": "https://localhost/mgmt/tm/net/self/~Common~external_floating?ver=11.5.1",
"trafficGroup": "/Common/traffic-group-1",
"unit": 1,
"vlan": "/Common/external"
}
],
"kind": "tm:net:self:selfcollectionstate",
"selfLink": "https://localhost/mgmt/tm/net/self?ver=11.5.1"
}
BIG-IPにRestAPIで実際に設定してみる
IP設定
BIG-IPのexternal vlanにIPアドレス 1.1.1.1 を設定してみる。
(Vlan "external"は予め設定されている必要がある。)
$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/net/self/ -H 'Content-Type: application/json' -X POST -d '{"name":"test-selfip","address":"1.1.1.1/24","vlan":"external"}'
Node追加
testdescriptionという名前の192.168.0.1というNodeを登録してみる。
$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/ltm/node -H 'Content-Type: application/json' -X POST -d '{"address": "192.168.0.1","description": "testdescription","name": "testname"}'
{"kind":"tm:ltm:node:nodestate","name":"testname","fullPath":"testname","generation":36,"selfLink":"https://localhost/mgmt/tm/ltm/node/testname?ver=11.5.1","address":"192.168.0.1","connectionLimit":0,"description":"testdescription","dynamicRatio":1,"logging":"disabled","monitor":"default","rateLimit":"disabled","ratio":1,"session":"monitor-enabled","state":"checking"}[
Poolへのmember追加
"~Common~pool_hogehoge"は既に存在しているpool名を入力、nameには先ほど作成したNodeを指定。
$ curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/ltm/pool/~Common~pool_hogehoge/members -H 'Content-Type: application/json' -X POST -d '{"name": "testname:80"}'
{"kind":"tm:ltm:pool:members:membersstate","name":"testname:514","fullPath":"testname:514","generation":38,"selfLink":"https://localhost/mgmt/tm/ltm/pool/~Common~pool_hogehoge/members/testname:80?ver=11.5.1"}
設定のSync
curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx" https://x.x.x.x/mgmt/tm/cm -H 'Content-Type: application/json' -X POST -d '{"command":"run","utilCmdArgs":"config-sync to-group device-group1"}'
削除
MethodをDELETEに変える。JSON等での引数は不要。
Poolのmember削除
curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx==" -X DELETE https://x.x.x.x/mgmt/tm/ltm/pool/~Common~pool_hogehoge/members/~Common~testname:514
Node削除
curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx==" -X DELETE https://x.x.x.x/mgmt/tm/ltm/node/~Common~testname
設定のSync
curl -sk -H "Authorization: Basic xxxxxxxxxxxxxx==" https://x.x.x.x/mgmt/tm/cm -H 'Content-Type: application/json' -X POST -d '{"command":"run","utilCmdArgs":"config-sync to-group device-group1"}'