Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to execute Contrail Service Orchestrator HTTP API requests through CLI

0

0

Article ID: KB34116 KB Last Updated: 05 Dec 2019Version: 3.0
Summary:

The Juniper Network’s Cloud Services Orchestration (CSO) APIs allow you to use the same CSO capabilities available through the Web user interface (UI). These APIs can be used for automating various tasks, deploy and monitor services.  CSO uses modular components, available through the distributed microservices that use RESTful (CRUD), HTTP remote procedure call (RPC), and JavaScript Object Notation (JSON) requests. HTTP APIs are used to facilitate communication between microservices.

This article explains how to execute Contrail Service Orchestrator RESTful API requests through CLI.
For further information regarding CSO API, Kindly refer to CSO HTTP API Reference and Developer Guide

Solution:
  1. Generate a Token which will be used for authentication on subsequent requests. There are 2 types of tokens; tenant scoped token and global scoped token.

    Generating Tenant Scoped Token:

    curl http:// <CSO IP> :5000/v3/auth/tokens  -k -s -i -H "Content-Type: application/json" -d \
      ' {
     "auth":{
        "identity":{
           "methods":[
              "password"
           ],
           "password":{
              "user":{
                 "name":"cspadmin",     
                 "domain":{
                    "id":"default"
                 },
                 "password":"Passw0rd@123"    
              }
           }
        },
        "scope":{
           "project":{
              "domain":{
                 "id":"default"
              },
              "name":"TenantA"      
           }
        }
     }
    } '

    In the above example, ‘cspadmin’ username and password is used for authentication and to generate token for TenantA.

    Note: CSO IP address should be replaced with IP address or DNS name based on CSO deployment mode as shown below:

    Small Deployment - Central Mircro Services VM  IP
    Medium Deployment - Central VIP  IP
    Large Deployment - Central VIP  IP

    Generating Global/all-tenants scoped Token:

    curl http:// <CSO IP> :5000/v3/auth/tokens  -k -s -i -H "Content-Type: application/json" -d \
     
     ' {
     "auth":{
        "identity":{
           "methods":[
              "password"
           ],
           "password":{
              "user":{
                 "name":"cspadmin",    
                 "domain":{
                    "id":"default"
                 },
                 "password":"Passw0rd@123"    
              }
           }
        },
        "scope":{
           "project":{
              "domain":{
                 "id":"default"
              },
              "name":"admin"      
           }
        }
     }
    } '

    In the above example, 'cspadmin' username and password was used for authentication and to get the token for global/all-tenant. It is mandatory to use 'cspadmin' user to get the admin scoped / global scoped token.

    Note: CSO IP address should be replaced with IP address or DNS name based on CSO deployment mode as shown below:

    Small Deployment - Central Mircro Services VM  IP
    Medium Deployment - Central VIP  IP
    Large Deployment - Central VIP  IP
  2. Copy the X-Subject-Token from the above command result and export it to TOKEN variable as shown below:

    export TOKEN=<ID copied from above result >

    Here is the example output showing X-Subject-Token resulted from step1

    HTTP/1.1 201 Created
    Date: Fri, 29 Mar 2019 17:36:04 GMT
    Server: Apache/2.4.7 (Ubuntu)
    X-Subject-Token: 64c7d8611831428cb7b66fb343d5ca07  <<< Token ID
    Vary: X-Auth-Token
    X-Distribution: Ubuntu
    x-openstack-request-id: req-6301c665-9577-484e-9c7e-568c15fce45c
    Content-Length: 3016
    Content-Type: application/json
  3. Execute the desired API requests through CLI.

    Examples:

    curl  -k -H "x-auth-token:$TOKEN" -H "content-type: application/json" https://<CSO IP>/tssm/  -X GET
    curl  -k -H "x-auth-token:$TOKEN" -H "content-type: application/json" https://<CSO IP>/tssm/site  -X GET
    curl  -k -H "x-auth-token:$TOKEN" -H "content-type: application/json" https://<CSO IP>/tssm/project   -X GET
    curl  -k -H "x-auth-token:$TOKEN" -H "content-type: application/json" https://<CSO IP>/policy-mgmt/intent_policy/ -X GET | python -m json.tool
    Output will vary based on the token value. If tenant scoped token used then results will only be specific to that tenant.
     
    In the above step, CSO IP should be replaced with IP based on CSO deployment mode as mentioned below:
     
    Small Deployment - Central Mircro Services VM
    Medium Deployment - Central VIP IP
    Large Deployment - Central VIP IP or Regional VIP IP based on the API issued.
Modification History:
2019-12-05: Added statement that "csadmin' user ID is required for global token generation.
2019-06-11: Fixed formatting and added link to documentation.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search