How To …

This section lists how various tasks can be performed using Harmony APIs. The list here is not exhaustive and covers only a few use case cases.

Create Lightning ADC Cluster

Lightning ADC Cluster is represented by cspcluster object. POST call on the object collection creates a new cluster. Other than authorization information, this call requires provider as well as tenant name as headers. Cluster name is passed as data.

curl 'https://api.a10networks.com/api/v2/cspcluster' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session f3f8c1df-7455-4207-bb6e-822a5f85ba2e' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"DemoCluster","state":"ACTIVE"}'

This call returns the newly created cspcluster object from which cluster ID can be read and used for connecting Lightning ADCs to the Harmony Controller

{
    "name" : "DemoCluster",
    "state" : "ACTIVE",
    "accountId" : "d07c346a-a147-4791-9da7-abb8c2e877f1",
    "clusterId" : "iif2qv6uns",
    "launchState" : "NOT_STARTED",
    "infraCredentialNames" : [  ],
    "csps" : [  ],
    "createdAt" : "Jul 31, 2017 11:24:58 AM UTC",
    "lastModifiedAt" : "Jul 31, 2017 11:24:58 AM UTC",
    "lastModifiedBy" : "someone@example.net",
    "references" : [  ],
    "auditStatus" : "This is a new cluster and not yet audited. Auditing ‘ll happen in a few minutes.",
    "techSupport" : "No tech support information available",
    "reconfirmAuditCount" : 0,
    "auditRequired" : true,
    "previousConsistencyStatus" : true,
    "id" : "DemoCluster",
    "nodes" : [  ],
    "consistent" : false
}

Delete Lightning ADC Cluster

DELETE call on individual cspcluster object deletes the specific cluster.

curl 'https://api.a10networks.com/api/v2/cspcluster/DemoCluster' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session f3f8c1df-7455-4207-bb6e-822a5f85ba2e' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary 'null'

Create Application

For creating an application configuration, the entire object hierarchy needs to be created. Calling POST APIs of the objects in the sequence does the job. By default, all the values are taken as default.

1. Create Application

POST call on applications collection creates a new application.

curl 'https://api.a10networks.com/api/v2/applications' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"MyDemoApp","state":"ACTIVE","description":"MyDemoApp","productId":"Pro"}'

2. Create Domain EndPoint

As of now only one Domain EndPoint called default-host is to be created per application. However, each Domain EndPoint can have multiple domains.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"default-host","description":"default-host","domains":[{"fqdn":"www.example.com"}],"transportPropertiesList":[{"name":"http_80","port":80}]}'

3. Create Service EndPoint

Service EndPoint is created under Domain EndPoint. Multiple Service EndPoints may be created - one for each server group.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_import' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"default-service","description":"This service is created by system to match any URLs at the end. A matching Smart Flow has also been created for you to configure policies for traffic that does not match any other condition.","condition":"URL:ciPrefix:\"/\"","serverGroup":{"name":"defaultServerGroup","servers":[],"loadBalancingAlgorithmPolicy":{"name":"defaultLBpolicy","state":"ACTIVE","method":"least_conn","type":"serverAlgo"},"clientSSLPolicy":{"name":"defaultClientSSLpolicy","state":"INACTIVE","validateUpstreamCert":false,"cipherVersions":[],"sslVersions":[],"sendServerName":false,"type":"clientSSL"},"sessionPersistencePolicy":{"state":"INACTIVE","method":"cookie_sticky","type":"sessionPersistence","name":"defaultSessionPersistence"},"outOfBandMonitorPolicy":{"state":"ACTIVE","oobInterval":10,"oobTimeout":10,"oobType":"tcp","oobHttpUrl":"","type":"monitor","name":"OutOfBandMonitor"},"policies":[{"type":"serverLimits","name":"serverLimitsPolicy","readTimeout":300,"sendTimeout":300}]}}'

4. Create Smart Flow

Smart Flow is created under a service. POST call on Smart Flow collection creates a Smart Flow. Multiple Smart Flows may be created within a service for better traffic segmentation and for applying the policies granularly.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/smartflows' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"default-smartflow","condition":"URL:ciPrefix:\"/\"","flowType":"allow"}'

5. Create Smart Flow Policies

The default Smart Flow policies are created with creation of the Smart Flow. However, it is good to create a few header rewrite policies so that information about the client connection can reach to the server.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/smartflows/default-smartflow/policies' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"type":"headerRewrite","name":"headerRewrite","state":"ACTIVE","rules":[{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-For","value":"$http_x_forwarded_for, $remote_addr"},{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-Proto","value":"$scheme"},{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-Port","value":"$server_port"}]}'

Append Application Servers in a Server Group

Server Group is part of Service EndPoint. It is created as part of Service EndPoint creation and holds the list of application servers and associated policies configured for the Service EndPoint. As of now only one server group can be attached to a Service EndPoint. PUT call on servergroups object appends the list of servers with the newly provided list.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/servergroups/defaultServerGroup/servers' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '[{"ipAddress":"1.1.1.1","port":80,"weight":1}]'

Change Status of an Application Server

Sometimes it is required to mark an application server as ‘Down’ for maintenance or some other administrative reason. One way is remove that server from the server array and add it back once it is ready to take the load. Another way is to just mark it as down so that other parameters related to the server remain intact.

Setting appropriate status in down attribute of JSON data and passing it to PUT call on servers object marks the server appropriatly.

As of now this is required to be done in 3 steps:

1. Get list of Servers

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/servergroups/defaultServerGroup/servers/' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \

2.Delete Server from the Server Group

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/servergroups/defaultServerGroup/servers' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '[{"state":"ACTIVE","ipAddress":"1.1.1.2","port":80,"weight":1,"maxFails":3,"failTimeout":10,"backup":false, "down": false}]'

3. Add Server with Modified Data

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/servergroups/defaultServerGroup/servers' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '[{"state":"ACTIVE","ipAddress":"1.1.1.2","port":80,"weight":1,"maxFails":3,"failTimeout":10,"backup":false, "down": true}]'

Associate Application to a Lightning ADC Cluster

Application and Lightning ADC Cluster are created independantly in the Harmony Controller. But, before switching the DNS to flow traffic via Lightning ADCs, the application must be attached to a Lightning ADC Cluster. Only a cluster with active Lightning ADC instances can be attached to the application.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/cspclusters/MyDemoCluster' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary 'null'

Start Blue-Green Deploytment

Starting a Blue-Green deployment involves creating a new Service EndPoint with the same configuration as Blue Service, place it with the Blue Service in order, activate it and then create a traffic split condition.

1. Read configuration of Blue Service

Complete data about a Service EndPoint can be read using 3 GET calls on Service object, Smart Flow object and Policies object as following:

a. Read Service Configuration

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/BlueService' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session bc93b92b-30c9-414b-9e5c-9c0547460a05' \
-H 'tenant: Demo' \
-H 'provider: root'

b. Read Smart Flow Configuration

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/BlueService/smartflows' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session bc93b92b-30c9-414b-9e5c-9c0547460a05' \
-H 'tenant: Demo' \
-H 'provider: root'

c. Read Policy Configuration

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/BlueService/smartflows/default-smartflow/policies' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session bc93b92b-30c9-414b-9e5c-9c0547460a05' \
-H 'tenant: Demo' \
-H 'provider: root'

2. Create Green Service with same configuration

Name, description and server IP addresses must be changed after copying the payload. Other than traffic split condition, these 3 are the differences between Blue and Green Service.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_import' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"GreenService","description":"This is Green Service","condition":"URL:prefix:\"/demo\"","serverGroup":{"name":"defaultServerGroup","accountId":"d07c346a-a147-4791-9da7-abb8c2e877f1","applicationId":"MyDemoApp","hostId":"default-host","serviceId":"GreenService","loadBalancingAlgorithmPolicy":{"name":"defaultLBpolicy","state":"ACTIVE","method":"least_conn","type":"serverAlgo","id":"defaultLBpolicy"},"clientSSLPolicy":{"name":"defaultClientSSLpolicy","state":"INACTIVE","validateUpstreamCert":false,"sendServerName":false,"sslVersions":["TLSv1.1","TLSv1","TLSv1.2"],"cipherVersions":["ECDHE-ECDSA-AES128-SHA256","ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-CHACHA20-POLY1305","ECDHE-RSA-AES256-SHA","ECDHE-RSA-AES128-SHA256","DHE-RSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES128-SHA","ECDHE-ECDSA-CHACHA20-POLY1305","DHE-RSA-CHACHA20-POLY1305","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-SHA384","DHE-RSA-AES256-SHA256","DHE-RSA-AES128-SHA","DHE-RSA-AES128-SHA256","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-SHA","ECDHE-ECDSA-AES128-SHA","DHE-RSA-AES128-GCM-SHA256","DHE-RSA-AES256-SHA"],"type":"clientSSL","id":"defaultClientSSLpolicy"},"sessionPersistencePolicy":{"name":"defaultSessionPersistence","state":"INACTIVE","method":"cookie_sticky","cookieName":"pep-route","cookieDomain":"","cookiePath":"/","expires":0,"cookieHash":"sha1","cookieSecure":false,"cookieHttpOnly":false,"headerName":"","queryParameterName":"","cookieExpires":0,"noFallBack":false,"cookieNoFallBack":false,"type":"sessionPersistence","id":"defaultSessionPersistence"},"outOfBandMonitorPolicy":{"name":"defaultoutOfBandMonitorPolicy","state":"ACTIVE","oobInterval":10,"oobTimeout":10,"minActiveServers":1,"oobType":"tcp","oobHttpUrl":"","type":"monitor","id":"defaultoutOfBandMonitorPolicy"},"servers":[{"state":"ACTIVE","ipAddress":"2.2.2.2","port":80,"$$hashKey":"1ZE"}],"infraCredentialNames":[""],"policies":[{"type":"serverLimits","name":"serverLimitsPolicy","state":"ACTIVE","createdAt":"2017-08-01T11:12:05Z","lastModifiedAt":"2017-08-01T11:12:05Z","lastModifiedBy":"someone@example.net","readTimeout":300,"sendTimeout":300,"id":"serverLimitsPolicy"},{"type":"fallback","name":"fallbackPolicy","state":"INACTIVE","createdAt":"2017-08-01T11:12:05Z","lastModifiedAt":"2017-08-01T11:12:05Z","lastModifiedBy":"someone@exanple.net","service":"default-service","aliasCode":0,"id":"fallbackPolicy"},{"type":"connectionPool","name":"ConnectionPoolPolicy","state":"ACTIVE","createdAt":"2017-08-01T11:12:05Z","lastModifiedAt":"2017-08-01T11:12:05Z","lastModifiedBy":"someone@exanple.net","maxReq":0,"maxConn":10000,"maxOpeningConn":0,"maxSpareConn":0,"minSpareConn":0,"reqTimeout":1000,"keepAliveTimeout":4,"logLevel":"error","cpoolStatus":"on","disableEmaxComputeStatus":"off","maxReqPerConn":100,"id":"ConnectionPoolPolicy"},{"type":"locationAffinity","name":"locationAffinityPolicy","state":"INACTIVE","createdAt":"2017-08-01T11:12:05Z","lastModifiedAt":"2017-08-01T11:12:05Z","lastModifiedBy":"someone@exanple.net","affinityOnly":false,"affinityRatio":2,"id":"locationAffinityPolicy"}]},"smartFlows":[{"name":"default-smartflow","state":"ACTIVE","accountId":"d07c346a-a147-4791-9da7-abb8c2e877f1","applicationId":"MyDemoApp","hostId":"default-host","serviceId":"GreenService","condition":"URL:prefix:\"/demo\"","flowType":"allow","flowDenyNoResp":false,"policies":[{"type":"headerRewrite","name":"headerRewrite","state":"ACTIVE","createdAt":"2017-08-01T11:12:08Z","lastModifiedAt":"2017-08-01T11:12:08Z","lastModifiedBy":"someone@exanple.net","rules":[{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-For","value":"$http_x_forwarded_for, $remote_addr"},{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-Proto","value":"$scheme"},{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-Port","value":"$server_port"}],"id":"headerRewrite"}]}]}'

3. Place the Green Service appropriatly

Green Service must always be placed just above the Blue Service.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_updatesequence' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '["GreenService","BlueService","default-service"]'

4. Activate the Green Service

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_activate' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '["GreenService"]'

5. Create the Traffic Split Condition

trafficsplits object holds the traffic split condition between Blue and Green services. The division may be in form of percentage or specific condition based on information available in Request. splitSlices for each service should be specified properly.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/trafficsplits' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"BlueService--VS--GreenService","type":"splitClients","status":"true","splitSlices":[{"service":"BlueService","percentage":80,"code":"blue","condition":""},{"service":"GreenService","percentage":20,"code":"green","condition":""}]}'

Update Traffic Split Condition in Blue-Green

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/trafficsplits/BlueService--VS--GreenService' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"BlueService--VS--GreenService","type":"splitClients","state":"ACTIVE","splitSlices":[{"service":"BlueService","percentage":"","code":"blue","condition":""},{"service":"GreenService","percentage":"","code":"green","condition":"GEO:equals:\"US\""}]}'

Deactivate Blue-Green

Deactivating involves deactivating the trafficsplits as well as deactivating the Green Service.

1. Deactivate Traffic Split Condition

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/trafficsplits/BlueService--VS--GreenService' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"BlueService--VS--GreenService","accountId":"d07c346a-a147-4791-9da7-abb8c2e877f1","applicationId":"MyDemoApp","hostId":"default-host","state":"INACTIVE","splitSlices":[{"service":"BlueService","condition":"","code":"blue"},{"service":"GreenService","condition":"GEO:equals:\"US\"","code":"green"}],"id":"BlueService--VS--GreenService"}'

2. Deactivate Service EndPoint

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_deactivate' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '["GreenService"]'

Delete Blue-Green

DELETE call needs to be made on ‘trafficsplits’ as well as on ‘Service’. Any of Blue or Green service can be deleted as needed.

1. Delete Traffic Split Condition

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/trafficsplits/BlueService--VS--GreenService' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary 'null'

2. Delete Service EndPoint

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/GreenService' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"GreenService","condition":"URL:prefix:\"/demo\""}'

Collect Access Logs

Access logs can be read using metrics APIs. ‘From’ (gte) and ‘To’ (lte) timestamp (Unix Timestamp format) needs to be provided as part of query for reading logs. Only the number of logs specific in size parameter are returned. Maximum 10000 logs are returned at a time.

For getting more logs another API call can be made adjusting the timestamp parameters accordingly.

curl 'https://api.a10networks.com/api/v2/metrics/accesslog/_search' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"query":{"bool":{"must":[{"match":{"applicationId":"MyDemoApp"}},{"match":{"internal":false}},{"range":{"timestamp":{"gte":1501583460000,"lte":1501585260000}}}]}},"from":0,"size":50,"sort":{"timestamp":{"order":"desc"}}}'