Get the VRRP-A Status via SNMP or aXAPI

Product Discussions System
1

Hello,

I would like to get the vrrp-a status from some ax devices running2.6.1-GR1-P2 . So I am able to
login to the active vrrp-a unit without trying to connect to both to get the active one. Is there a way to monitor the vrrp-a status ( active / standby ) via snmp or aXAPI? I did not find a snmp OID or the REST Api path for these values.

Kind regards
Klaus

2

Hi Klaus, you could use the “cli.show_info” Method through API pointing to one of the devices.

This method process commands under EXEC mode.

Example Response Request as: URL: https://192.168.100.44:443/services/rest/V2/?session_id=ff52ffff07ffff58ffff46ff4fffff&method=cli.show_info

HTTP Action: POST

Response Fields: Standard plain text CLI output

Example: Process ‘show version’ and ‘help’ in aXAPI:

HTTP POST Body: show ver help

Considering you want to get the vrrp-a status of both devices, you could use on the HTTP POST Body the following command:

show vrrp-a

In case you want more details regarding the vrrp-a status between devices, you could use also:

show vrrp-a detail

Hope it helps

Cheers,

Danguijun

3

Below is a python script that will allow you to accomplish what you desire.

`#this package is for common API task import urllib from xml.dom import minidom

class UrlBuilder: def init(self,domain, path, params): self.domain = domain self.path = path self.params = params

def withPath(self,path): self.path = path return self

def withParams(self,params): self.params = params return self

def str(self): return ‘https://’ + self.domain + self.path + self.params # or return urlparse.urlunparse( ( “http”, self.domain, self.path, self.params, “”, “” )

def build(self): return self.str()

class auth: @classmethod def sessionID(cls, host, username, password): services_path = “/services/rest/V2/” builder_auth_params = ‘’ sid_url = UrlBuilder(host, services_path, builder_auth_params) method = ‘authenticate’ authparams = urllib.urlencode({ ‘method’: method, ‘username’: username, ‘password’: password }) sessionID = minidom.parse(urllib.urlopen(sid_url.str(), authparams)).getElementsByTagName(‘session_id’)[0].childNodes[0].nodeValue return sessionID

@classmethod def sessionClose(cls, host, sid): method = “method=session.close” response = req.get(host, method, sid) return response

class path: @classmethod def v2(cls): return “/services/rest/V2/” @classmethod def sessionID(cls): return “?session_id=”

class req: @classmethod def get(cls,host, method, sid): url = UrlBuilder(host, path.v2(), path.sessionID() + sid + “&” + method.str() + “&format=json”) data = urllib.urlopen(url.str()).read() return data @classmethod def post(cls, host, method, sid, config): #print host, method, sid, config #exit() url = UrlBuilder(host, path.v2(), path.sessionID() + sid + “&” + method.str() + “&format=json”) #body = urllib.urlencode(config) #print body data = urllib.urlopen(url.str(),config).read() return data

class partition: @classmethod def active(cls, host, sid, name): data = req.get(host, ‘method=system.partition.active&name=’+name, sid) return data

username = “admin” password = “a10” host = “172.21.21.254” ‘’’ Separate request by \n

‘’’ config = “show vrrp-a \n sh int br \n show session” sid = auth.sessionID(host, username, password) vrrpStatus = req.post(host, ‘method=cli.show_info’, sid, config)

print vrrpStatus`

Output: show vrrp-a vrid default Unit State Weight Priority 1 (Local) Active 65534 150 vrid that is running: default

4

Thanks for your feedback I will test it

Kind regards
Klaus

5

Hello JackofallTrades,

I tried to connect wiht your script. I am running ubunut 12.04 which is using openssl v1.0.1.

I always get this error.
  [Errno socket error] [Errno 1] _ssl.c:504: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
The A10 webserver is only supporting TLSv1.0 , but openssl is using tlsv1.2.
When I connect with openssl s_client -tls1 host:port it is working
I also tried it whit pyculr running against gnutls, with the error.
I found no way to define in pycurl or urrlib the tls vesion 1.0 ?
Here my pyculr part with all the options I tried.

import pycurl
    from StringIO import StringIO
    
    response = StringIO()

    conn = pycurl.Curl()
    conn.setopt(pycurl.URL, url)
    conn.setopt(pycurl.VERBOSE,1)
    conn.setopt(pycurl.WRITEFUNCTION, response.write)
    conn.setopt(pycurl.SSL\_VERIFYPEER, 0)
    conn.setopt(pycurl.SSL\_VERIFYHOST, 0)
    conn.setopt(pycurl.SSLVERSION, pycurl.SSLVERSION\_TLSv1)
    conn.setopt(pycurl.SSL\_CIPHER\_LIST,"NONE:\+VERS-TLS1.0:\+AES-128-CBC:\+RSA:\+SHA1:\+COMP-NULL")
    \#conn.setopt(pycurl.SSL\_CIPHER\_LIST, "\+VERS-TLS1.0:!VERS-TLS1.1:!VERSTLS1.2")
    \#conn.setopt(pycurl.SSLVERSION,pycurl.SSLVERSION\_SSLv2)
    \#conn.setopt(pycurl.SSLVERSION,pycurl.SSLVERSION\_DEFAULT)

try:

        conn.perform()
        xmlstring=response.getvalue()

httperror=False
    except pycurl.error as error:
        httperror=str(error)
        xmlstring=False
    #
    return xmlstring,httperror

Have you any idea how to define this ?

Kind regards
Klaus

6

Here is the gnutls error message.

\* gnutls\_handshake() failed: A TLS fatal alert has been received.
\* Closing connection \#0
Error Message: (35, 'gnutls\_handshake() failed: A TLS fatal alert has been received.')
7

I will look into this and try to get something back by next week. On first look it seems that there might be a limitation in urllib to address this issue. It might have to do with the fact that th AX webserver may not know who to negotiate to a lower version of TSL.

We will see.

8

I found a solution that works for me :

Kind regards
Klaus

9

With this definition it is working:

self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1)

10

Hello JackofallTrades,

I hope you could help me again. Because of the SSL problem in ubunut version 12.04 I am trying to connect via urllib2. But the post seems not to work. It always send the sssion_id and the method.

postdata=“show version” request=urllib2.Request(url,postdata) #request response=urllib2.urlopen(request) #convert to string xmlstring=response.read()

The “show audit” log show that the postdata is not transfered. axapi: [/services/rest/V2/] GET[session_id=831d4228fc3be3e922bfb8825ea324&method=cli.show_info] POST[session_id=831d4228fc3be3e922bfb8825ea324&method=cli.show_info]

The documentation to urllib2 wants a tuple of data for a post.

------ 20.6. urllib2 — extensible library for opening URLs — Python 2.7.2 documentation

urllib2.urlopen(url[, data][, timeout]) data may be a string specifying additional data to send to the server, or None if no such data is needed. Currently HTTP requests are the only ones that use data; the HTTP request will be a POST instead of a GET when the data parameter is provided. data should be a buffer in the standard application/x-www-form-urlencoded format. The urllib.urlencode() function takes a mapping or sequence of 2-tuples and returns a string in this format. urllib2 module sends HTTP/1.1 requests with Connection:close header included.

What kind of tuple must be send to the axapi ? ??? = show version

Kind regards Klaus

11

Hello ,

could some help me on this issue ?

Kind regards
Klaus

12

Hello,

I have tested now with wget and got the error message. Invalid username/password.

------ <error code=“2007” msg=“Invalid username/password.” ------

show audit output is listing open a cli session ------ Oct 12 2012 10:03:03 Session[1] closed Oct 12 2012 10:03:03 [bla01] axapi: [/services/rest/V2/] GET[session_id=05149c7afcf5566d8701f8d6b95bf8&method=cli.show_info&format=json] POST[session_id=05149c7afcf5566d8701f8d6b95bf8&method=cli.show_info&format=json] Oct 12 2012 10:03:03 A cli session[1] opened, username: bla01, remote host: 127.0.0.1 ------

Anything was running in this session.

#sh admin session Id User Name Start Time Source IP Type Partition Authen Role Cfg ------------------------------------------------------------------------------------------------------------ 2 bla01 09:45:06 CEST Fri Oct 12 2012 1.1.1.1 WEBSERVICE Radius ReadWriteAdmin No

I am running version 64-bit Advanced Core OS (ACOS) version 2.6.1-GR1-P4, build 22 (Aug-14-2012,22:13)

I have attached the debug output from wget.

Is it a problem if I authenticate the user against a remote system ?

Kind regards Klaus

13

Klaus, Sorry for the late reply. I can not reproduce the errors on my machine. Looking at the issue I can not reproduce that error. Below is the code I am using: import urllib import json from xml.dom import minidom class UrlBuilder: def __init__(self,domain, path, params): self.domain = domain self.path = path self.params = params def withPath(self,path): self.path = path return self def withParams(self,params): self.params = params return self def __str__(self): return 'http://' + self.domain + self.path + self.params # or return urlparse.urlunparse( ( "http", self.domain, self.path, self.params, "", "" ) def build(self): return self.__str__() class auth: @classmethod def sessionID(cls, host, username, password): services_path = "/services/rest/V2/" builder_auth_params = '' sid_url = UrlBuilder(host, services_path, builder_auth_params) method = 'authenticate' authparams = urllib.urlencode({ 'method': method, 'username': username, 'password': password }) sessionID = minidom.parse(urllib.urlopen(sid_url.__str__(), authparams)).getElementsByTagName('session_id')[0].childNodes[0].nodeValue return sessionID @classmethod def sessionClose(cls, host, sid): method = "method=session.close" response = req.getXML(host, method, sid) return response class path: @classmethod def v2(cls): return "/services/rest/V2/" @classmethod def v1dot1(cls): return "/services/rest/V1.1/" @classmethod def v1(cls): return "/services/rest/V1/" @classmethod def v1dot2(cls): return "/services/rest/V1.2/" @classmethod def sessionID(cls): return "?session_id=" class req: @classmethod def getJson(cls,host, method, sid): url = UrlBuilder(host, path.v2(), path.sessionID() + sid + "&" + method.__str__() + "&format=json") data = urllib.urlopen(url.__str__()).read() return data @classmethod def postJson(cls, host, method, sid, config): #print host, method, sid, config #exit() url = UrlBuilder(host, path.v2(), path.sessionID() + sid + "&" + method.__str__() + "&format=json") #body = urllib.urlencode(config) #print body data = urllib.urlopen(url.__str__(),config).read() return data @classmethod def getXML(cls,host, method, sid): url = UrlBuilder(host, path.v2(), path.sessionID() + sid + "&" + method.__str__() ) data = urllib.urlopen(url.__str__()).read() return data @classmethod def postXML(cls, host, method, sid, config): #print host, method, sid, config #exit() url = UrlBuilder(host, path.v2(), path.sessionID() + sid + "&" + method.__str__() ) #body = urllib.urlencode(config) #print bod data = urllib.urlopen(url.__str__(),config).read() return data class cli(object): @classmethod def show(cls, host, sid, command): method = "method=cli.show_info" data = req.postXML(host, method, sid, command) return data host = "172.21.21.254" username = 'admin' password = 'a10' commands = ["show version" ] sid = auth.sessionID(host, username, password) for cmds in commands: foo = cli.show(host, sid, cmds) print foo auth.sessionClose(host, sid) Output is: AX Series Advanced Traffic Manager AX2500 Copyright 2007-2012 by A10 Networks, Inc. All A10 Networks products are protected by one or more of the following US patents and patents pending: 7716378, 7675854, 7647635, 7552126, 20090049537, 20080229418, 20080040789, 20070283429, 20070271598, 20070180101 64-bit Advanced Core OS (ACOS) version 2.6.1-GR1-P4, build 22 (Aug-14-2012,22:13) Booted from Hard Disk primary image Serial Number: AX25051110280131 aFleX version: 2.0.0 aXAPI version: 2.0 Hard Disk primary image (default) version 2.6.1-GR1-P4, build 22 Hard Disk secondary image version 2.6.1, build 484 Compact Flash primary image (default) version 2.4.3-p4, build 17 Compact Flash secondary image version 2.4.3-p4, build 17 Last configuration saved at Oct-9-2012, 14:54 Hardware: 8 CPUs(Stepping 5), Single 74G Hard disk Memory 6123 Mbyte, Free Memory 1581 Mbyte Current time is Oct-15-2012, 16:53 The system has been up 0 day, 2 hours, 33 minutes AX2500#

14

Hi JackofallTrades,

I found the problem why it is not working in my installation.
I have configured a enable-password in my system. If the enable-password is defined it is not
working. If the enable-password is the default ( a return ) it is working. Could you please try it.
# configure
# (config)#enable-password WORD The password
# Remove the password with
# (config)#no enable-password
Kind regards
Klaus