NSX-T の Policy API には、Hierarchical API とよばれる使用方法があります。
今回は、Hierarchical API で情報取得してみます。
前回の投稿(下記)で作成した環境の情報を GET してみます。
NSX-T の Policy API をためす。Part.3(オブジェクト作成編)
以前に、Path 指定での API で情報取得してみました。
この環境も、Part.3 で作成した環境とほとんど同じです。
NSX-T の Policy API をためす。Part.1(GET 編)
Hierarchical API の特徴。
前回までの投稿では、Policy API の URL でオブジェクトの Path を指定して API コールしていました。
Policy API を Hierarchical で利用する場合は、Infra と Domain という特別なオブジェクトを基準として API をコールします。
URL は、次のようになっていました。
GET /policy/api/v1/infra/segments
一方、Hierarchical API では、エンドポイントの URL が一律で次のものになります。
(今回あつかうオブジェクトでは共通で ~/infra まで)
GET /policy/api/v1/infra
そして、GET メソッドでは、オブジェクト(リソース)の種類によって、フィルタを指定することができます。
セグメントの場合は、つぎのようにフィルタを指定します。
GET /policy/api/v1/infra?filter=Type-Segment
それでは、ひととおり情報取得してみます。
なお、前回までの投稿で紹介したように、API のコールには curl コマンドを利用します。
変数 CREDには「ユーザ名:パスワード」、MGR には NSX Manager のアドレスを格納してあります。
$ MGR=lab-nsxt-mgr-01.go-lab.jp
$ CRED='admin:VMware1!VMware1!'
セグメントの情報取得。
VLAN/オーバーレイ 両方のセグメントの情報が取得されます。
仮想マシンが接続されたセグメント ポートなども表示されます。
GET /policy/api/v1/infra?filter=Type-Segment
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Segment
{
"resource_type" : "Infra",
"id" : "infra",
"display_name" : "infra",
"path" : "/infra",
"relative_path" : "infra",
"children" : [ {
"SegmentSecurityProfile" : {
"bpdu_filter_enable" : true,
"bpdu_filter_allow" : [ ],
"dhcp_server_block_enabled" : true,
"dhcp_client_block_enabled" : false,
"non_ip_traffic_block_enabled" : false,
"dhcp_server_block_v6_enabled" : true,
"dhcp_client_block_v6_enabled" : false,
"ra_guard_enabled" : false,
"rate_limits_enabled" : false,
"rate_limits" : {
"rx_broadcast" : 0,
"tx_broadcast" : 0,
"rx_multicast" : 0,
"tx_multicast" : 0
},
"resource_type" : "SegmentSecurityProfile",
"id" : "default-segment-security-profile",
"display_name" : "default-segment-security-profile",
"path" : "/infra/segment-security-profiles/default-segment-security-profile",
"relative_path" : "default-segment-security-profile",
"parent_path" : "/infra/segment-security-profiles/default-segment-security-profile",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "system",
"_create_time" : 1568904746259,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904746259,
"_system_owned" : true,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildSegmentSecurityProfile",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
}, {
"Segment" : {
"type" : "DISCONNECTED",
"vlan_ids" : [ "200" ],
"transport_zone_path" : "/infra/sites/default/enforcement-points/default/transport-zones/4954eeca-decb-487a-8582-b011d60ba19f",
"resource_type" : "Segment",
"id" : "seg-vlan-0200",
"display_name" : "seg-vlan-0200",
"path" : "/infra/segments/seg-vlan-0200",
"relative_path" : "seg-vlan-0200",
"parent_path" : "/infra/segments/seg-vlan-0200",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572972974519,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572972974519,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildSegment",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
}, {
"Segment" : {
"type" : "ROUTED",
"subnets" : [ {
"gateway_address" : "172.16.2.1/24",
"dhcp_ranges" : [ "172.16.2.10-172.16.2.250" ],
"network" : "172.16.2.0/24"
} ],
"connectivity_path" : "/infra/tier-1s/t1-gw-01",
"transport_zone_path" : "/infra/sites/default/enforcement-points/default/transport-zones/4d5e3804-e62c-40ab-af7c-99bab2d5e5e8",
"resource_type" : "Segment",
"id" : "seg-overlay-02",
"display_name" : "seg-overlay-02",
"path" : "/infra/segments/seg-overlay-02",
"relative_path" : "seg-overlay-02",
"parent_path" : "/infra/segments/seg-overlay-02",
"children" : [ {
"SegmentPort" : {
"resource_type" : "SegmentPort",
"id" : "default:96e7763f-b5fa-4e8d-830e-dcacdc7bf43a",
"display_name" : "vm03/vm03.vmx@c1f5e1bd-d787-4ec5-96a4-c20910bd217a",
"tags" : [ ],
"path" : "/infra/segments/seg-overlay-02/ports/default:96e7763f-b5fa-4e8d-830e-dcacdc7bf43a",
"relative_path" : "default:96e7763f-b5fa-4e8d-830e-dcacdc7bf43a",
"parent_path" : "/infra/segments/seg-overlay-02",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "system",
"_create_time" : 1572993602499,
"_last_modified_user" : "system",
"_last_modified_time" : 1572993602499,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildSegmentPort",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
}, {
"SegmentPort" : {
"resource_type" : "SegmentPort",
"id" : "default:336fee15-4d0e-4d35-8dc7-cf091038b00e",
"display_name" : "vm04/vm04.vmx@3c436657-571b-4bb3-b617-2dcfdcf2ba59",
"tags" : [ ],
"path" : "/infra/segments/seg-overlay-02/ports/default:336fee15-4d0e-4d35-8dc7-cf091038b00e",
"relative_path" : "default:336fee15-4d0e-4d35-8dc7-cf091038b00e",
"parent_path" : "/infra/segments/seg-overlay-02",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "system",
"_create_time" : 1572993602424,
"_last_modified_user" : "system",
"_last_modified_time" : 1572993602424,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildSegmentPort",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973676117,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973676117,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildSegment",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
}, {
"Segment" : {
"type" : "ROUTED",
"subnets" : [ {
"gateway_address" : "172.16.1.1/24",
"dhcp_ranges" : [ "172.16.1.10-172.16.1.250" ],
"network" : "172.16.1.0/24"
} ],
"connectivity_path" : "/infra/tier-1s/t1-gw-01",
"transport_zone_path" : "/infra/sites/default/enforcement-points/default/transport-zones/4d5e3804-e62c-40ab-af7c-99bab2d5e5e8",
"resource_type" : "Segment",
"id" : "seg-overlay-01",
"display_name" : "seg-overlay-01",
"path" : "/infra/segments/seg-overlay-01",
"relative_path" : "seg-overlay-01",
"parent_path" : "/infra/segments/seg-overlay-01",
"children" : [ {
"SegmentPort" : {
"resource_type" : "SegmentPort",
"id" : "default:94e29eaa-034c-4df6-a4b1-54fc95a18cba",
"display_name" : "vm01/vm01.vmx@3c436657-571b-4bb3-b617-2dcfdcf2ba59",
"tags" : [ ],
"path" : "/infra/segments/seg-overlay-01/ports/default:94e29eaa-034c-4df6-a4b1-54fc95a18cba",
"relative_path" : "default:94e29eaa-034c-4df6-a4b1-54fc95a18cba",
"parent_path" : "/infra/segments/seg-overlay-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "system",
"_create_time" : 1572993602117,
"_last_modified_user" : "system",
"_last_modified_time" : 1572993602117,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildSegmentPort",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
}, {
"SegmentPort" : {
"resource_type" : "SegmentPort",
"id" : "default:e1385e98-f4cf-4dee-bbc6-535584d9b721",
"display_name" : "vm02/vm02.vmx@92e5beee-20a2-4ba7-8372-ce49aace34fc",
"tags" : [ ],
"path" : "/infra/segments/seg-overlay-01/ports/default:e1385e98-f4cf-4dee-bbc6-535584d9b721",
"relative_path" : "default:e1385e98-f4cf-4dee-bbc6-535584d9b721",
"parent_path" : "/infra/segments/seg-overlay-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "system",
"_create_time" : 1572993602249,
"_last_modified_user" : "system",
"_last_modified_time" : 1572993602249,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildSegmentPort",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973665350,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973665350,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildSegment",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"connectivity_strategy" : "BLACKLIST",
"_create_user" : "system",
"_create_time" : 1568904745337,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904745337,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
}
Tier-0 ゲートウェイの情報取得。
Tier-0 ゲートウェイ配下のオブジェクトは、Tier-0 と一緒にフィルタに含める必要があります。
Tier-0 ゲートウェイだけを指定した情報取得。
まず、Tier-0 ゲートウェイだけの場合です。
GET /policy/api/v1/infra?filter=Type-Tier0
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Tier0
{
"resource_type" : "Infra",
"id" : "infra",
"display_name" : "infra",
"path" : "/infra",
"relative_path" : "infra",
"children" : [ {
"Tier0" : {
"transit_subnets" : [ "100.64.0.0/16" ],
"internal_transit_subnets" : [ "169.254.0.0/28" ],
"ha_mode" : "ACTIVE_STANDBY",
"failover_mode" : "NON_PREEMPTIVE",
"ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],
"force_whitelisting" : false,
"default_rule_logging" : false,
"disable_firewall" : false,
"resource_type" : "Tier0",
"id" : "t0-gw-01",
"display_name" : "t0-gw-01",
"path" : "/infra/tier-0s/t0-gw-01",
"relative_path" : "t0-gw-01",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973048893,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973084322,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 1
},
"resource_type" : "ChildTier0",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"connectivity_strategy" : "BLACKLIST",
"_create_user" : "system",
"_create_time" : 1568904745337,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904745337,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
}
LocaleServices を含めた情報取得。
複数種類のリソースを含める場合は、「|」(パイプ)で連結します。
ただし、URL ではパイプ文字が指定できないので、URL エンコーディング(% エンコーディング)にします。
「|」は、「%7C」という文字列に置き換えます。
結果の JSON から、Tier0 → LocaleServices → Tier0Interface が階層構造になっていることがわかります。
ここでは LocaleServices のインターフェースも取得できています。
GET /policy/api/v1/infra?filter=Type-Tier0|LocaleServices
↓
GET /policy/api/v1/infra?filter=Type-Tier0%7CLocaleServices
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CLocaleServices
{
"resource_type" : "Infra",
"id" : "infra",
"display_name" : "infra",
"path" : "/infra",
"relative_path" : "infra",
"children" : [ {
"Tier0" : {
"transit_subnets" : [ "100.64.0.0/16" ],
"internal_transit_subnets" : [ "169.254.0.0/28" ],
"ha_mode" : "ACTIVE_STANDBY",
"failover_mode" : "NON_PREEMPTIVE",
"ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],
"force_whitelisting" : false,
"default_rule_logging" : false,
"disable_firewall" : false,
"resource_type" : "Tier0",
"id" : "t0-gw-01",
"display_name" : "t0-gw-01",
"path" : "/infra/tier-0s/t0-gw-01",
"relative_path" : "t0-gw-01",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ {
"LocaleServices" : {
"edge_cluster_path" : "/infra/sites/default/enforcement-points/default/edge-clusters/a2958967-0579-4cbf-a018-96cfa6553fae",
"resource_type" : "LocaleServices",
"id" : "24b79e4c-2ef1-4360-ac2c-9454514eada5",
"display_name" : "24b79e4c-2ef1-4360-ac2c-9454514eada5",
"path" : "/infra/tier-0s/t0-gw-01/locale-services/24b79e4c-2ef1-4360-ac2c-9454514eada5",
"relative_path" : "24b79e4c-2ef1-4360-ac2c-9454514eada5",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ {
"Tier0Interface" : {
"edge_path" : "/infra/sites/default/enforcement-points/default/edge-clusters/a2958967-0579-4cbf-a018-96cfa6553fae/edge-nodes/8e1b5bda-e116-49da-8b4b-bbb2961a7900",
"segment_path" : "/infra/segments/seg-vlan-0200",
"type" : "EXTERNAL",
"resource_type" : "Tier0Interface",
"id" : "t0-uplink-01",
"display_name" : "t0-uplink-01",
"path" : "/infra/tier-0s/t0-gw-01/locale-services/24b79e4c-2ef1-4360-ac2c-9454514eada5/interfaces/t0-uplink-01",
"relative_path" : "t0-uplink-01",
"parent_path" : "/infra/tier-0s/t0-gw-01/locale-services/24b79e4c-2ef1-4360-ac2c-9454514eada5",
"children" : [ ],
"marked_for_delete" : false,
"subnets" : [ {
"ip_addresses" : [ "192.168.200.2" ],
"prefix_len" : 24
} ],
"_create_user" : "admin",
"_create_time" : 1572973121476,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973121476,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildTier0Interface",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973084293,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973084293,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildLocaleServices",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973048893,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973084322,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 1
},
"resource_type" : "ChildTier0",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"connectivity_strategy" : "BLACKLIST",
"_create_user" : "system",
"_create_time" : 1568904745337,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904745337,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
}
LocaleServices とインターフェースを含めた情報取得。
Tier-0 ゲートウェイのインターフェースを含めた URL 指定は、次のようになります。
※レスポンスについては省略。
GET /policy/api/v1/infra?filter=Type-Tier0|LocaleServices|Tier0Interface
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CLocaleServices%7CTier0Interface
スタティック ルートの情報取得。
Tier-0 ゲートウェイのスタティック ルートの情報を取得します。
GET /policy/api/v1/infra?filter=Type-Tier0|StaticRoutes
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CStaticRoutes
{
"resource_type" : "Infra",
"id" : "infra",
"display_name" : "infra",
"path" : "/infra",
"relative_path" : "infra",
"children" : [ {
"Tier0" : {
"transit_subnets" : [ "100.64.0.0/16" ],
"internal_transit_subnets" : [ "169.254.0.0/28" ],
"ha_mode" : "ACTIVE_STANDBY",
"failover_mode" : "NON_PREEMPTIVE",
"ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],
"force_whitelisting" : false,
"default_rule_logging" : false,
"disable_firewall" : false,
"resource_type" : "Tier0",
"id" : "t0-gw-01",
"display_name" : "t0-gw-01",
"path" : "/infra/tier-0s/t0-gw-01",
"relative_path" : "t0-gw-01",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ {
"StaticRoutes" : {
"network" : "0.0.0.0/0",
"next_hops" : [ {
"ip_address" : "192.168.200.1",
"admin_distance" : 1
} ],
"resource_type" : "StaticRoutes",
"id" : "t0-route-01",
"display_name" : "t0-route-01",
"path" : "/infra/tier-0s/t0-gw-01/static-routes/t0-route-01",
"relative_path" : "t0-route-01",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973183264,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973183264,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildStaticRoutes",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973048893,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973084322,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 1
},
"resource_type" : "ChildTier0",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"connectivity_strategy" : "BLACKLIST",
"_create_user" : "system",
"_create_time" : 1568904745337,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904745337,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
}
NAT ルールの情報取得。
Tier-0 ゲートウェイの NAT ルールを取得します。
ユーザが手動で作成した「USER」のもの以外に、
自動作成される DEFAULT / INTERNAL の NAT が存在することがわかります。
GET /policy/api/v1/infra?filter=Type-Tier0|PolicyNat
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CPolicyNat
{
"resource_type" : "Infra",
"id" : "infra",
"display_name" : "infra",
"path" : "/infra",
"relative_path" : "infra",
"children" : [ {
"Tier0" : {
"transit_subnets" : [ "100.64.0.0/16" ],
"internal_transit_subnets" : [ "169.254.0.0/28" ],
"ha_mode" : "ACTIVE_STANDBY",
"failover_mode" : "NON_PREEMPTIVE",
"ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],
"force_whitelisting" : false,
"default_rule_logging" : false,
"disable_firewall" : false,
"resource_type" : "Tier0",
"id" : "t0-gw-01",
"display_name" : "t0-gw-01",
"path" : "/infra/tier-0s/t0-gw-01",
"relative_path" : "t0-gw-01",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ {
"PolicyNat" : {
"nat_type" : "DEFAULT",
"resource_type" : "PolicyNat",
"id" : "DEFAULT",
"display_name" : "DEFAULT",
"path" : "/infra/tier-0s/t0-gw-01/nat/DEFAULT",
"relative_path" : "DEFAULT",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1569254493062,
"_last_modified_user" : "admin",
"_last_modified_time" : 1569254493062,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildPolicyNat",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
}, {
"PolicyNat" : {
"nat_type" : "INTERNAL",
"resource_type" : "PolicyNat",
"id" : "INTERNAL",
"display_name" : "INTERNAL",
"path" : "/infra/tier-0s/t0-gw-01/nat/INTERNAL",
"relative_path" : "INTERNAL",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1569254493059,
"_last_modified_user" : "admin",
"_last_modified_time" : 1569254493059,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildPolicyNat",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
}, {
"PolicyNat" : {
"nat_type" : "USER",
"resource_type" : "PolicyNat",
"id" : "USER",
"display_name" : "USER",
"path" : "/infra/tier-0s/t0-gw-01/nat/USER",
"relative_path" : "USER",
"parent_path" : "/infra/tier-0s/t0-gw-01",
"children" : [ {
"PolicyNatRule" : {
"sequence_number" : 100,
"action" : "SNAT",
"source_network" : "172.16.0.0/16",
"service" : "",
"translated_network" : "192.168.200.2",
"scope" : [ ],
"enabled" : true,
"logging" : false,
"resource_type" : "PolicyNatRule",
"id" : "2455c9f8-17b8-4531-8b83-0ce5831eca45",
"display_name" : "t0-snat-01",
"path" : "/infra/tier-0s/t0-gw-01/nat/USER/nat-rules/2455c9f8-17b8-4531-8b83-0ce5831eca45",
"relative_path" : "2455c9f8-17b8-4531-8b83-0ce5831eca45",
"parent_path" : "/infra/tier-0s/t0-gw-01/nat/USER",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973145927,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973145927,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildPolicyNatRule",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1569254493061,
"_last_modified_user" : "admin",
"_last_modified_time" : 1569254493061,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildPolicyNat",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973048893,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973084322,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 1
},
"resource_type" : "ChildTier0",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"connectivity_strategy" : "BLACKLIST",
"_create_user" : "system",
"_create_time" : 1568904745337,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904745337,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
}
Tier-1 ゲートウェイの情報取得。
Tier-1 ゲートウェイ/LocaleServices を取得してみます。
※「filter=Type-Tier1」だけの結果は省略します。
GET /policy/api/v1/infra?filter=Type-Tier1
GET /policy/api/v1/infra?filter=Type-Tier1|LocaleServices
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Tier1%7CLocaleServices
{
"resource_type" : "Infra",
"id" : "infra",
"display_name" : "infra",
"path" : "/infra",
"relative_path" : "infra",
"children" : [ {
"Tier1" : {
"tier0_path" : "/infra/tier-0s/t0-gw-01",
"failover_mode" : "NON_PREEMPTIVE",
"enable_standby_relocation" : false,
"dhcp_config_paths" : [ "/infra/dhcp-server-configs/dhcp-sv-01" ],
"route_advertisement_types" : [ "TIER1_DNS_FORWARDER_IP", "TIER1_CONNECTED" ],
"force_whitelisting" : false,
"default_rule_logging" : false,
"disable_firewall" : false,
"ipv6_profile_paths" : [ "/infra/ipv6-ndra-profiles/default", "/infra/ipv6-dad-profiles/default" ],
"resource_type" : "Tier1",
"id" : "t1-gw-01",
"display_name" : "t1-gw-01",
"path" : "/infra/tier-1s/t1-gw-01",
"relative_path" : "t1-gw-01",
"parent_path" : "/infra/tier-1s/t1-gw-01",
"children" : [ {
"LocaleServices" : {
"edge_cluster_path" : "/infra/sites/default/enforcement-points/default/edge-clusters/a2958967-0579-4cbf-a018-96cfa6553fae",
"preferred_edge_paths" : [ "/infra/sites/default/enforcement-points/default/edge-clusters/a2958967-0579-4cbf-a018-96cfa6553fae/edge-nodes/8e1b5bda-e116-49da-8b4b-bbb2961a7900" ],
"resource_type" : "LocaleServices",
"id" : "7fa98167-2565-4869-b223-ffa9913684af",
"display_name" : "7fa98167-2565-4869-b223-ffa9913684af",
"path" : "/infra/tier-1s/t1-gw-01/locale-services/7fa98167-2565-4869-b223-ffa9913684af",
"relative_path" : "7fa98167-2565-4869-b223-ffa9913684af",
"parent_path" : "/infra/tier-1s/t1-gw-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973260316,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973260316,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildLocaleServices",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973229372,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973418665,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 2
},
"resource_type" : "ChildTier1",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"connectivity_strategy" : "BLACKLIST",
"_create_user" : "system",
"_create_time" : 1568904745337,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904745337,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
}
DHCP サーバの情報取得。
DHCP サーバを取得してみます。
GET /policy/api/v1/infra?filter=Type-Dhcp
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Dhcp
{
"resource_type" : "Infra",
"id" : "infra",
"display_name" : "infra",
"path" : "/infra",
"relative_path" : "infra",
"children" : [ {
"DhcpServerConfig" : {
"server_address" : "172.16.254.254/24",
"lease_time" : 86400,
"resource_type" : "DhcpServerConfig",
"id" : "dhcp-sv-01",
"display_name" : "dhcp-sv-01",
"path" : "/infra/dhcp-server-configs/dhcp-sv-01",
"relative_path" : "dhcp-sv-01",
"parent_path" : "/infra/dhcp-server-configs/dhcp-sv-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973288751,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973288751,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildDhcpServerConfig",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"connectivity_strategy" : "BLACKLIST",
"_create_user" : "system",
"_create_time" : 1568904745337,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904745337,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
}
DNS フォワーダの情報取得。
DNS フォワーダ ゾーンの情報を取得してみます。
GET /policy/api/v1/infra?filter=Type-Dns
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Dns
{
"resource_type" : "Infra",
"id" : "infra",
"display_name" : "infra",
"path" : "/infra",
"relative_path" : "infra",
"children" : [ {
"PolicyDnsForwarderZone" : {
"dns_domain_names" : [ ],
"upstream_servers" : [ "192.168.1.101", "192.168.1.102" ],
"resource_type" : "PolicyDnsForwarderZone",
"id" : "dns-zone-01",
"display_name" : "dns-zone-01",
"path" : "/infra/dns-forwarder-zones/dns-zone-01",
"relative_path" : "dns-zone-01",
"parent_path" : "/infra/dns-forwarder-zones/dns-zone-01",
"children" : [ ],
"marked_for_delete" : false,
"_create_user" : "admin",
"_create_time" : 1572973350057,
"_last_modified_user" : "admin",
"_last_modified_time" : 1572973350057,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
},
"resource_type" : "ChildPolicyDnsForwarderZone",
"marked_for_delete" : false,
"_protection" : "NOT_PROTECTED"
} ],
"marked_for_delete" : false,
"connectivity_strategy" : "BLACKLIST",
"_create_user" : "system",
"_create_time" : 1568904745337,
"_last_modified_user" : "system",
"_last_modified_time" : 1568904745337,
"_system_owned" : false,
"_protection" : "NOT_PROTECTED",
"_revision" : 0
}
まとめて情報取得。
他にも、関連するコンポーネントをある程度まとめて取得することもできます。
GET /policy/api/v1/infra?filter=Type-Tier0|LocaleServices|Segment|StaticRoutes|PolicyNat
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Tier0%7CLocaleServices%7CSegment%7CStaticRoutes%7CPolicyNat
GET /policy/api/v1/infra?filter=Type-Tier1|LocaleServices|Segment|Dhcp|Dns
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-Tier1%7CLocaleServices%7CSegment%7CDhcp%7CDns
ちなみに Policy API での設定全体については、つぎのように取得できます。
ただし内容は膨大で、テキスト ベースの JSON ですがデフォルトに近い環境でも 2MB 弱の容量になります。
GET /policy/api/v1/infra?filter=Type-
$ curl -ks -u $CRED -X GET https://$MGR/policy/api/v1/infra?filter=Type-
なお、全体/複数種類をまとめて取得した JSON データは、環境の論理バックアップに近い目的でも利用できます。
しかし、そのままだと PATCH / PUT で変更できないシステム オブジェクトも含まれるので、
設定のリストアに利用する場合は、取得した JSON から不要なデータを削除する必要があります。
次は、今回取得した JSON 情報を参考に、Hierarchical API で環境作成/削除をしてみます。
つづく。