Now that I got rum-pooh out of my system… on to a slightly more technical post.
Not sure if anyone of you caught the recent announcements about the new eAPI from HP’s Intelligent Management center. In a nutshell, this is a RESTful API which allows programatic access to almost all ( maybe all?) of the IMC functions through an HTTP(s) interface.
Now I’m not a programer at all, but I like to think I have a working knowledge of programing logic. At least enough to give a half-decent programmer enough information to get the job done.
So when I had a co-worker present me with a problem earlier this week, I thought “Hey, I wonder what this new eAPI can really do?”. I did mention I’m not a programer right? After this little exercise, I’m thinking I might just have to pick up some scripting skills this year. 🙂
So what’s the value of the eAPI? It functionally allows IMC to act as the progamatic upper layer APIs and abstracts the actual management task from the underlying hardware devices.
In less complicated terms; it means that a program can say “Hey, IMC change the VLAN on this port” and IMC, assuming IMC actually supports that particular device, it will change the VLAN on that port.
INDEPENDANT OF THE ACTUAL VENDOR
Yup. That’s right. IMC doesn’t care if that device is a HP 5500EI ( comware ), a HP 3800 ( procurve), or even a Cisco Catalyst 3560. From the perspective of the developer on the other side. It’s as simple as “Hey, IMC change the VLAN on this port”.
So the actual challenge I was given was the following.
” A customer wants to take a bar-code reader, scan in the MAC address of a device, plug it into the network, push a button and then have IMC automatically put it in the right VLAN”.
Now first I had to break that down into the various components.
1) Bar-code reader scans the MAC address
2) Program has to capture the MAC address for use in the %mac-address% variable in the script.
3) Find the device in the network
Hmmm… this could be more difficult than I thought.
So, I need to mock this up, so I break out to a windows CMD prompt.
Ping a known address ( my Synology NAS — LOVE THIS PRODUCT ). And then put do a arp -a to get the following output
10.101.0.51 00-11-32-10-03-8b
Now if I was using the IMC web-interface, I would just use the Resource-Terminal Access-Real-Time Location feature which will, you guessed it, locate a host in real-time using the mac-address or the IP address.
Hmmm… that kinda sucks for output for the script to leverage. So I went and looked at the eAPI documentation and came out with this little baby
The eAPI call is the following ( if you wanted to search for an IP address you would use type=2 instead of 1 )
( Don’t click this, it won’t take you anywhere)
http://10.101.0.201:8080/imcrs/res/access/realtimeLocate?type=1&value=00-11-32-10-03-8b
The return is the following
<?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes” ?>
– <list>
– <realtimeLocation>
<locateIp>00:11:32:10:03:8b</locateIp>
<deviceIp>10.101.0.221</deviceIp>
<ifDesc>GigabitEthernet1/0/21</ifDesc>
</realtimeLocation>
</list>
Yup. Good old XML. Easy to apply transforms or grab variables. Programmers love this stuff.
4) So now I have the device IP (switch) that this is plugged into, and the ifDesc which is the actual interface it’s located on. So now I have to figure out how to apply the VLAN to this interface. So I break out the trusty eAPI documentation and start looking for the VLAN section.
Hmmm… I have the devIP and the ifDesc.. not the devID and the ifIndex
note to self: Feedback to the developers to have the first command return the devID and the ifIndex variables
So now I have to find the devID and the ifIndex for that devIP and intDesc
5a) Now if I was on the trusty IMC web interface, I would go to the device resource page… hmmm… that doesn’t appear to be there. I guess instead, let’s go to the eAPI documentation and look for something that looks like a dev query.
Yup. It’s actually called devquery. And it looks like I can filter based on the device IP.
Cool. So now I can search for the specific device IP and hope we get the devID variable back that we need for the VLAN call.
http://10.101.0.201:8080/imcrs/plat/res/device?ip=10.101.0.221
The return is the following
<?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes” ?>
– <list>
– <device>
<id>15</id> ———————————————- This is the device ID that we need to reference later
<label>HP_5500EI</label>
<ip>10.101.0.221</ip>
<mask>255.255.255.0</mask>
<status>1</status>
<statusDesc>Normal</statusDesc>
<sysName>HP_E5500EI</sysName>
<contact>HP Montreal</contact>
<location>Marlborough, MA 01752 USA</location>
<sysOid>1.3.6.1.4.1.43.1.16.4.3.36</sysOid>
<sysDescription>HP_5500EI</sysDescription>
<devCategoryImgSrc>Switch</devCategoryImgSrc>
<topoIconName>stack</topoIconName>
<categoryId>1</categoryId>
<symbolId>1022</symbolId>
<symbolName>HP_5500EI</symbolName>
<symbolType>3</symbolType>
<symbolDesc>HP_5500EI</symbolDesc>
<symbolLevel>3</symbolLevel>
<parentId>1003</parentId>
<typeName>3Com S4800G PWR 24-Port</typeName>
<mac>00:1e:c1:dc:fc:01</mac>
<link op=”GET” rel=”self” href=”http://10.101.0.201:8080/imcrs/plat/res/device/15” />
</device>
</list>
There it is. DevID is “15”.
5b) So now we need to figure out that ifIndex value associated with <ifDesc>GigabitEthernet1/0/21</ifDesc> that we pulled above.
If I was in the webinterface, I would simply go to the device ( 10.101.0.221 ), click on the interface list, click on interface Gig 1/0/21 and I would pull out the ifIndex from the interface…
But again, those programmers don’t want HTML, they want an easy XML output that they can play with. So let’s find that…
http://10.101.0.201:8080/imcrs/plat/res/device/15/interface?start=1&size=100
This returns a whole bunch of data for all the interfaces on the switch, but I’m sure that any decent programmer can write a regex expression to only return the one who’s ifDesc value is for Gig 1/0/21, right?
– <interface>
<ifIndex>21</ifIndex> ——————————————–In this case, the ifindex value is the same as the port number. That’s not always going to be true. This is the other variable for the set VLAN
<ifType>6</ifType>
<ifTypeDesc>ETHERNETCSMACD</ifTypeDesc>
<ifDescription>GigabitEthernet1/0/21</ifDescription>
<adminStatus>1</adminStatus>
<adminStatusDesc>Up</adminStatusDesc>
<showStatus>2</showStatus>
<statusDesc>Down</statusDesc>
<operationStatus>2</operationStatus>
<operationStatusDesc>Down</operationStatusDesc>
<ifspeed>10000000</ifspeed>
<appointedSpeed>-1</appointedSpeed>
<ifAlias>GigabitEthernet1/0/15 Interface</ifAlias>
<phyAddress>00:1e:c1:dc:fc:4f</phyAddress>
<mtu>1522</mtu>
<lastChange>4 day(s) 21 hour(s) 39 minute(s) 50 second(s) 990 millisecond(s)</lastChange>
<lastChangeTime>42359099</lastChangeTime>
<filterTrapStatus>0</filterTrapStatus>
</interface>
So now we have the DevID 15 and the ifIndex for the actual interface where that MAC-address is located.
So let’s go back to the set that VLAN
Let’s assume that you wanted to put the device in VLAN 20, you would run the following
http://10.101.0.201:8080/imcrs/vlan/20?devId=15&ifIndex21
That’s about it for the task. Now any decent programmer is going to have to put in some checking and error handling, for instance, you might want to check whether or not that VLAN actually EXISTS on the switch. ( Can’t put a VLAN on a port if the VLAN doesn’t exist on the switch, right? ) or maybe return an error if the MAC-address is actually seen on two interfaces, but in a nutshell that’s it.
note: I would also suggest that the dev actually bounce the port to make sure that the device hasnt’ gotten locked in with a DHCP address on the wrong subnet.
/plat/res/device/{deviceId}/interface/{ifIndex}/down to down the interface
so for use that would be /plat/res/device/15/interface/21/down
and then immediately do a
/plat/res/device/{deviceId}/interface/{ifIndex}/up
or again for us /plat/res/device/15/21/up
Now whether the actual switch commands are “switchport acces vlan 20 ” or ” port access vlan 20 ” or some other variation on a theme doesn’t actually matter to your devOps team. They just write the code to follow the steps and IMC and the eAPI will take care of the rest.
Pretty cool stuff. 🙂
@netmanchris
kontrolissues 
Cheess Man.
Hi! First of all a great thank you for all of this information!
I do have a question regarding access the vlans for an example. I do get a 403 forbidden error whenever I am trying to do that. If i request for Devices no problem. I have checked my security setting in the web.xml file just to do something, but iy has a .* in the parameter so that should be okay.
I hope you in some way can enlight me!
Thank you
Br Mads
H Mads,
403 is an authentication error. Does the account you’re using have access to the eapi? oPerator groups can be used to disable access.
Just double checking, but are you running IMC standard or Enterprise? tHe standard version currently requires an add-on license. There’s talk of including that in the future but you would have to confirm with someone from HP to see if that’s changed or not.
@netmanchris
Thank you very much for your fast reply!
I can access the imc alarm with this: /imcrs/fault/alarm?recStatus=0&alarmLevel=1&size=1000 and get json in return, but something like the vlan returns a forbidden error.
I am using the admin account which as far I can see in the documentation has all priveleges from the administrator group.
when I call the /imcrs/application.wadl I get get the full XML in return. I am confused.
I am using the standard with a add on trial license to test the API before purchasing.
Thank you
How are you accessing the eAPI? Sounds like you have a problem with your auth handler.
I’ve seen a recent issues with some of the calls from the rsDocs interface, but the same calls worked great from my Python code.
If you’re on Twitter. DM me and we can try and figure it out.
@netmanchris
Hi Chris, Just followed you on twitter so I can dm you. (Mr_Strange)
I am accessing with the python example and some of the request works fine, but some returns the 403 error.
I just made a C# console app today but I must admit I didn’t try the vlan request which failed with python, I was more focused on getting it all up and running:)
I will get back to you on monday when I return to my job. Have a nice weekend!
Cool I’ll look for the follow and we can try and figure it out.
Hi Chris,
I just tried yesterday to find a solution, I am sure it has to be some server related stuff. It is possible to connect to IMC and get devices and alarms but with vlan I just get a forbidden error.
I am pulling hair at the moment 🙂
I tried different Auth handlers in C# but they all work until I request the vlan. And probably other as well.
Hmmm… Not sure.
There’s a P16 patch that just came out. I know there was an issue with the delete vlan call in the P13 but it’s resolved now. Not sure if this will help you but I’ve put together the start of a python library here https://github.com/HPNetworking/HP-Intelligent-Management-Center/ the get_dev_vlans function works, at least on devices that IMC supports with the VLAN manager. What HTTP error code are you getting?
BTW Sorry for the late response; travelling all last week.
@netmanchris