关于作者
Richard is a network engineer with more than eight years of experience and multiple industry certifications. He works for a large nonprofit as a network engineer, where he is responsible for the network...
全文
For years we have been hearing about the value of network programmability, how we should all learn Python, and start automating more of our work. For over 30 years, we as network engineers have been using these antiquated CLI methods of design and implementation. While we have had some improvements through our NMS or creating prebuilt standard templates to copy and paste configurations from, it hasn’t been until recently that our tasks have been truly able to become automated.
Take the Aruba 8400 core switch running ArubaOS-CX. The team at Aruba built AOS-CX with APIs at the forefront of everything they were doing. These APIs provide flexibility to the operators deploying networks and to the tools they connect with. An example of the flexibility within the 8400 is the use of LXC Containers that can run Python scripts as agents on the same hardware, allowing for real-time access to data for analytics. If a problem is detected using the built-in Network Analytics Engine, the agents can repair the problem automatically.
API和编程改进保存权杖ad to other products within the Aruba ecosystem, ushering in a new era of NetOps. For example, ArubaOS 8 introduced the Swagger interface to the Mobility Controllers, exposing their entire API to administrators and allowing operations to be run right within the browser. All on the controller – without the need to run any special software!
Below is a screenshot taken from the Aruba 7005 controller running ArubaOS 8.4.0.1 within the Swagger interface. To follow along, if you’re running ArubaOS 8.x, simply go to:https://
从这里,我们可以运行各种命令来从控制器那里收集信息。在这里,我们要求控制器从配置中获取配置的SSID配置文件。只需在WLAN和 /Object /ssid_prof下扩展Get请求,然后单击“尝试”!
笔记如果您正在运行独立控制器,则可能必须从/毫米至/毫米/mynode.
After clicking the Try it out! function, the window expands to review the requested information in JSON format. The output even gives us the curl syntax and request URL if we wanted to request this output from another system.
现在,我们可以从控制器中获取数据,让我们使用POST方法进行一些更改。使用控制器菜单下的post /object /vlan_id选项,我们可以添加JSON信息以创建新的VLAN。如果单击提供的示例模式,它将自动填充车身以易于编辑。在此示例中,我们正在创建VLAN 20。
成功!如果要查看UI或获得VLAN_ID,则应看到尚未添加新的VLAN。那是因为我们需要保存配置,就像我们通常从UI或CLI创建VLAN时一样。为此,我们运行post /object /write_memory来保存控制器的配置。
Finally, we can perform a GET on /object/vlan_id to verify that our change has been successfully issued.
恭喜!您刚刚对您的第一个更改进行了编程!让我们将此更改带入一个python脚本中,并通过脚本和可编程性显示出灵活性。Grab the full script at my GitHub repository.
In this script we will:
- Log into the Aruba 7005 Controller on AOS 8.4.0.1
- 检索我们的uid和cookie值
- Display the current VLANs
- 创建一个新的VLAN
- Save the configuration
- 显示VLAN的更新列表
导入JSON
导入argparse
从Pprint Import Pprint
导入URLLIB3#没有SSL证书的控制器的Supress错误消息
urllib3.disable_warnings(urllib3.exceptions.insecurreequestwarning)parser = argparse.argumentparser()
parser.add_argument('--ip', type=str, help="Controller IP address")
parser.add_argument('--user', type=str, help="Username")
parser.add_argument(' - 密码',type = str,help =“密码”)
parser.add_argument(' - vlan',type = str,help =“ vlan”)
args = parser.parse_args()# Log into Aruba Controller and retrieve UIDARUBA for API access
r = requests.get(url='https://' + args.ip + ':4343/v1/api/login?username=' \
+ args.user +'&password=' + args.password, verify=False)
logindata = r.json()
uid = logindata ['_ global_result'] ['uidaruba']
cookies = {'session':uid}
print(“我们为此会话的UID是:“ + uid)#获取API检索控制器上的VLAN处于活动状态
print("Retreiving Existing VLAN Information \n")
getvlan_id = requests.get(url="https://" + args.ip + ":4343/v1/configuration/object/vlan_id?config_path=%2Fmm&UIDARUBA=" + uid, verify=False, cookies=cookies)
vlandata = getvlan_id.json()
Pprint(Vlandata,缩进= 3)
# POST API to create a new VLAN
打印(“创建Vlan:” + args.vlan)
身体= {'id':args.vlan}
headers = {'content-type': 'application/json'}
POSTVLAN_ID = requests.post(url ='https://' + args.ip +“:4343/v1/configuration/object/object/vlan_id?config_path =%2fmm&uidaruba =” + uid,uid,data = json.dumps(hody),hody),headers(headers),headers,headers ewneder=标题,验证= false,cookies = cookie)
print(postvlan_id)
#发布API以保存配置
打印(“保存配置”)
w = requests.post(url =“ https://” + args.ip +“:4343/v1/configuration/configuration/object/write_memory?config_path =%2fmm&uidaruba =” + uid,verify = felasify = false,cookies = cookies = cookies))
print("Complete!")
#获取API检索更新的VLAN列表
print("Retreiving Existing VLAN Information \n")
getvlan_id = requests.get(url="https://" + args.ip + ":4343/v1/configuration/object/vlan_id?config_path=%2Fmm&UIDARUBA=" + uid, verify=False, cookies=cookies)
vlandata = getvlan_id.json()
Pprint(Vlandata,缩进= 3)
使用Argsparse模块,我们可以将参数从命令行传递到Python脚本。在此命令中,我们说连接到控制器192.168.128.120使用的用户名admin使用密码密码我们想创建VLAN30. I hope you have a more secure password than this for your environment.
运行后,脚本将登录控制器的API登录。在这里,它将检索在此会话中运行任何其他API调用所需的UID和Cookie值。请务必在脚本中注意,需要cookie以及发送的UID。如果您只发送一个或另一个,则操作将失败,您将收到一个401未经授权错误。UID和Cookie值是相同的,但在每个登录时都会更改。
成功!As you can see in the output above, we have successfully connected to our controller and created VLAN 30. We can also confirm this by using the WebUI.
我希望这能帮助您看到Python的价值以及您可以发挥的灵活性和强大性。如果您想了解有关Python的更多信息,我建议您研究Kirk Byers网络工程师的Python课程。Kirk还通过电子邮件为刚刚起步的人提供免费的Python课程。同样,请务必查看Aruba GitHub和阿鲁巴解决方案交换for more great tools and scripts.
阅读我的其他博客
Cybersecurity in a Zero Trust Architecture
