cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3131
Views
10
Helpful
13
Replies
Dave Lewis
Beginner

DCNM REST API

Hello,

I have DCNM (7.2.2a) operating for generating configurations from templates which are then retrieved via POAP. This is working fine and I am now in the process of writing some automation tools utilising the REST API to generate the start-up configurations and publish the POAP definition. 

However I am running into some issues and the API documentation seems to be a mixture of incomplete and incorrect. Here's what I've got working:

Get session token; Get DCNM version; Get list of config/image servers; Get list of published templates; Get list of LAN groups; Get list of DHCP scopes; listing of switch definitions; Get a particular switch definition; 

So, if anyone has got this working I'd really appreciate some answers to the following questions:

1) The call to get the LAN groups only shows top-level groups and not nested groups. Is there a parameter I can pass to get these as well?

2) The call to create a start-up configuration (/templates/populate-template/{template name}) expects an array of template parameters and values. The documentation says "You will get the templateParams in get template data API response". However the call to get an individual template appears to return a completed POAP configuration rather than an empty template. I have found using a GET on /templates/{template name} (not documented anywhere, I just guessed it based on the list of templates call) returns a list of variables/parameters but not the actual template content. Is this what I should be using to create the start-up configuration?

3) What's the difference between 'create switch definition' and 'create poap definition'? The description for 'create switch' in the documentation talks of creating a POAP definition anyway (although it is a different URL) but the parameters section makes no sense.

4) You will get the templateParams in get template data API response

I'm sure I'll have more questions once I get this part working! Thank you in advance to anyone who can assist.

I have used  7.2 REST API guide here and the DFA API guide (unfortunately mostly SOAP rather than REST) here

Dave

13 REPLIES 13
abourges
Beginner

Hi,

...experiencing similar problems when trying to automate some things in our testlab. REST API  documentation is  not complete :(

Did you find any further documentation/hints?

Thanks,

Andreas

Hi Andreas,

I have a TAC case open at the moment to try and address some of these issues. Currently the case owner is communicating with the DCNM team and I am awaiting some answers and further assistance. When I receive some more feedback I'll reply back to this thread.

Thanks,

Dave

Perfectly - thanks a lot! 

In the meantime I found some solutions inspecting the dcnm UI calls to the backend with chrome developer tools (like the undocumented "deploy network" function).

regards,

Andreas

That's an interesting approach, I remember reading somewhere in the manual that the UI just uses calls to the API to do anything. From your research does it look like its using SOAP or REST calls? 

Thanks,

Dave

...seems like they're using a mixture. When performing poap switch definitions, I saw SOAP calls. In the auto-config section (create network), I saw REST calls.

Regards,

Andreas

Jason Lunde
Beginner

Any updates to this? Running into the same issues...and not finding any good documentation. Im running DCNM 10.x and trying to use postman to deliver some pretty basic API calls.

Hi,

Unfortunately I left that role before I could finish this work although I'm now doing a similar thing with Prime Infrastructure (similar but different frustrations with that). 

From memory I got as far as creating a few working SOAP calls but I hate SOAP so I was going to wait for the dev to add REST options. I guess they haven't with 10.x yet.

I found that the SOAP call for getting groups did return all groups (including hierarchically nested ones) as opposed to the REST call which just returned top-levels. Last I heard the DCNM dev team had confirmed this and it was put on the product backlog. 

Is there a particular function you're having trouble with?

Cheers,

Dave

I honestly can't even get the logon action to work with the API. The documentation basically says POST towards https://dcnm-ip/rest/logon with basic authentication using admin:password, but they give no indication as to what the payload should look like (only saying its json).  Ive never tried/used SOAP, so if you have any examples to that end, Id be all ears.

As for the API, I did a little digging, and it appears to be using RESTEASY. I would go in, and investigate the internals and config of that a bit more, but seeing how it should just work I can't justify the time.  Thanks in advance, if you have any SOAP examples you can share. 

Jason

The soap stuff I got working was a total mess, too embarrassed to post that anywhere! The REST stuff is easier. I was using powershell, the following should be enough to get you a logon token. Apologies in advance for the dreadful coding, hope it helps get you started. Change the baseurl to https if your DCNM is listening on https, otherwise it defaults to http.

#global stuff
$dcnmserver = "yourserverFQDNorIP"
$baseurl = 'http://' + $dcnmserver + '/rest'
$baseSoapurl = 'http://' + $dcnmserver

$globalSessionExpirationTime = 1000000

#reset variables and force getting a new token
rv currentver
rv session_id

#prompt for credentials
if (!$credentials) { $credentials = Get-Credential }

function Ignore-SelfSignedCerts {
add-type -TypeDefinition @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
}#function Ignore-SelfSignedCerts

Ignore-SelfSignedCerts


function Get-DCNMToken {
param ($sessionExpirationTime, $username, $password, $url)

#create authorisation header
$BSTR = `
[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$dcnmpassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

$EncodedAuthorisation = [System.Text.Encoding]::UTF8.GetBytes($username + ':' + $dcnmpassword)
$EncodedPassword = [System.Convert]::ToBase64String($EncodedAuthorisation)

$authorisationHeaders = @{Authorization = "Basic " + $EncodedPassword}

$payload_expire = '{expirationTime:'+ $sessionExpirationTime +'}'
write-host $payload_expire
$logonURI = $url + "/logon"

$authTokenJSON = Invoke-RestMethod -Uri $logonURI -Method Post -Headers $authorisationHeaders -ContentType "application/json" -Body $payload_expire
$authToken = $authTokenJSON."Dcnm-Token"
return $authToken
}

$token = Get-DCNMToken -sessionExpirationTime $globalSessionExpirationTime -username $credentials.UserName -password $credentials.Password -url $baseurl

Hi,

...I could provide some basic python examples, if there's any need. We didn't dive any futher into DCNM, yet, but maybe we pick up work on that again towards winter.

regards,

Andreas

Hi,

 

I've had the same issue but figured it out. I am currently using Postman to do the "POST" and here is what I have configured to get the logon to work:

 

URL: https://<DCNM-IP>/rest/logon

AUTHORIZATION: Basic Auth (fill in username and password)

BODY:

{
expirationTime: 6000
}

 

Once you have the above, click "send" and it should work. The DCNM document is not clear in how you structure the expirationTime.

I am trying to do automation with DCNM 10.4. Due to lack of documentation, there is a lot of trouble understanding parameters and formats for most of the REST API calls mentioned https://Ip-add//api-docs.

 

I am trying to use python and postman, but not able to pass logon "expirationTime" on the postman. is there a format someone can help? 

 

whenever I pass just username and password with Authorization I get 500 internal server error with return of expirationTime.

 

Also, Is the documentation available here is a full version supporting API calls? is there any additional documentation?

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/10_0_x/rest_api/Cisco_DCNM_Rest_API_Guide_Release_10_0_x/authentication.html#71475

 

 

 

Body

{

"expirationTime": 6000000

}

 

or this

 

{"expirationTime": 60000}

I hate to keep an older thread going, but I am stuck!

 

I was able to get the login token working using the following Ansible playbook, but I can't seem to get a create network REST call to work at all. Keeps throwing an "Invalid Network Profile Parameters" error.

 

- name: Build a new DCNM network
  hosts: lab-dcnm
  connection: local
  gather_facts: no
  vars: 
    auth_password: [base64 encoding of "user:pass"]
    fabric_name: Lab
  tasks:
    - name: Authenticate against DCNM
      uri: 
        url: https://{{ ansible_host }}/rest/logon
        validate_certs: no
        method: POST
        headers:
          Authorization: "Basic {{ auth_password }}"
        body: "{expirationTime: 6000}"
        status_code: 200
      register: login

Has anyone out there ran into similar issues with the top down network creation using API calls?