06-05-2018 05:58 AM - edited 03-01-2019 01:34 PM
I am trying to create a framework for PowerShell access to the HX API. I cannot seem to get past authentication. PowerShell is preferred, because follow-on actions are going to be in PowerCLI. Basically looking to obtain a list of nodes. Put each node in Maintenance mode. Complete actions. Return the node to service. Verify that the cluster returns to a healthy state, and repeat for other nodes in the cluster until the entire cluster is finished. The same framework would be used for putting nodes in HX Maintenance mode, and then initiate patches from VUM.
At this point, I am just trying to figure out the authentication piece. This method works fine with ACI and UCS. It appears something is unique about the HX API.
Any ideas what I am doing wrong?
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$authString = """
{
'username': 'administrator@vsphere.local',
'password': 'SomePassword',
'client_id': 'HxGuiClient',
'client_secret': 'Sunnyvale',
'redirect_uri' : 'http://localhost:8080/aaa/redirect'
}
"""
Invoke-WebRequest -uri 'https://HXIP/auth?grant_type=password' -Method Post -Body $authString -ContentType 'application/json'
07-24-2018 08:13 AM
I did get this worked out, and thought others might come looking for the same code. Here is example PowerShell code to authenticate with HyperFlex:
First off, I strongly recommend that you include the following lines so that TLS 1.2 will work:
# Allows self-signed certificates and supports TLS 1.2 only.
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy # Trusting all certificates based on new type above
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 # Setting TLS to 1.2
I am not providing a method of populating user name and password, but for the example I am assuming you have those as a string assigned to $user and $password. You build the authorization string in this manner:
$authString = @{
    'username'=$user;
    'password'=$password;
    'client_id'='HxGuiClient';
    'client_secret'='Sunnyvale';
    'redirect_uri'='http://localhost:8080/aaa/redirect'
} | convertto-json # Converts the hash table to JSON, which is the required format for authentication.
It is important to note that client_id and client_secret are static and should not be changed. redirect_uri is also a static entry.
Finally, assign an IP or resolvable DNS name to $server. Your authorization request will look like this:
$authResponse = (Invoke-WebRequest -uri "https://$server/aaa/v1/auth?grant_type=password" -Method Post -Body $authString -ContentType 'application/json')
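An added example, not part of the original post or Cisco's own code: the same authentication request, with a certificate policy that accepts only the controller's known self-signed certificate (matched by SHA-256 fingerprint) instead of every certificate, and with the credentials read from a prompt. It assumes Windows PowerShell 5.1; `PinnedCertPolicy`, the `$server` value and the fingerprint are placeholders.

```powershell
# Added example. PinnedCertPolicy is a hypothetical class name; $server and
# $pinnedSha256 are placeholders to be replaced with values verified out of band.
Add-Type @"
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public class PinnedCertPolicy : ICertificatePolicy {
    private readonly string pinned;
    public PinnedCertPolicy(string sha256Hex) {
        pinned = sha256Hex.Replace(":", "").Replace(" ", "").ToUpperInvariant();
    }
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        if (certificateProblem == 0) { return true; }  // chain and name validated normally
        if (certificate == null) { return false; }
        using (SHA256 sha = SHA256.Create()) {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            // Accept only the one known certificate; anything else fails closed.
            return BitConverter.ToString(hash).Replace("-", "") == pinned;
        }
    }
}
"@

$server       = 'hx-cluster.example.local'                               # placeholder
$pinnedSha256 = '<SHA-256 fingerprint of the HX controller certificate>' # placeholder

[System.Net.ServicePointManager]::CertificatePolicy = New-Object PinnedCertPolicy -ArgumentList $pinnedSha256
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$cred = Get-Credential -Message 'HyperFlex API account'
$authString = @{
    'username'      = $cred.UserName
    'password'      = $cred.GetNetworkCredential().Password
    'client_id'     = 'HxGuiClient'
    'client_secret' = 'Sunnyvale'
    'redirect_uri'  = 'http://localhost:8080/aaa/redirect'
} | ConvertTo-Json

try {
    $authResponse = Invoke-WebRequest -Uri "https://$server/aaa/v1/auth?grant_type=password" `
        -Method Post -Body $authString -ContentType 'application/json' -UseBasicParsing
    $token = $authResponse.Content | ConvertFrom-Json
} finally {
    Remove-Variable authString   # drop the JSON body that holds the plaintext password
}
```

The certificate policy is process-wide, so every HTTPS request made later in the same session (including PowerCLI calls) goes through the same check.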