Cisco – Rest API to export configuration from an ACI

automationcisco

Is it possible to pull config from Cisco APIC controller using REST API from a remote server .

Best Answer

I don't know if it's really what you're looking for, but for science you can export APIC configuration in JSON or XML format via REST.

First of all you need to obtain authentication token by running POST request to https://{{APIC}}/api/aaaLogin.json with JSON body:

{
    "aaaUser" : {
        "attributes" : {
            "name" : "{{username}}",
            "pwd" : "{{password}}"
        }
    }
}

Verify that body type is application/json.

On Python it will look like this:

    import requests

    APIC = "10.11.12.13"
    APIC_URL = f"https://{APIC}"
    API_URL = f"{APIC_URL}/api/node/mo/"
    AUTH_URL = f"{APIC_URL}/api/aaaLogin.json"
    body = {
        "aaaUser" : {
            "attributes" : {
                "name" : "USERNAME",
                "pwd" : "PASSWORD"
            }
        }
    }

    def get_auth_token(body):
        """
        Obtain authentication cookie for future requests
        """
        func_name = get_auth_token.__name__
        log_str = f"{func_name}(): "

        headers = {'Content-Type': "application/json", 'cache-control': "no-cache"}
        result = requests.post(AUTH_URL, data=body, headers=headers, verify=False)
        if result.status_code != 200:
            print(f"{log_str}HTTP {result.status_code}: request error!")
            return

        try:
            js = result.json()
            cookie = {}
            cookie['APIC-Cookie'] = js['imdata'][0]['aaaLogin']['attributes']['token']
            return cookie
        except:
            return

Then you can do GET request to obtain uni child objects which will be configuration you want:

https://{{APIC}}/api/node/mo/uni.json?query-target=children

query-target=children can also be replaced with query-target=subtree to get even more data including existing endpoints, counters, etc...

You should include authentication token in your request:

    def query_uni(cookie):
        """
        Retrieve JSON of requested static VLAN pool
        """
        func_name = query_uni.__name__
        log_str = f"{func_name}(): "

        uri = "uni.json?query-target=children"
        result = requests.get(f"{API_URL}{uri}", cookies=cookie, verify=False)
        if result.status_code != 200:
            print(f"{log_str}HTTP {result.status_code}: request error!")
            return
        try:
            return result.json()
        except:
            return

You're can also do this with Postman or another app that helps with REST API testing/troubleshooting.

===============================

It is important to note, that configuration obtained with that method cannot be counted as valid fabric backup. For backups you should use special instruments available inside APIC GUI that create snapshots and full backups and store them on APIC or external resources such as FTP/SFTP/TFTP.

Related Solutions

Cisco – n automatable way to backup the configuration from a WLC 2504 controller

Use a script to login to the WLC and run the transfer command: http://www.cisco.com/en/US/docs/wireless/controller/6.0/command/reference/cli60.html#wp1327209

You can use this to upload the config from the WLC to another server via TFTP/SFTP/FTP.

(Cisco Controller) >transfer upload mode sftp 

(Cisco Controller) >transfer upload username my-osx-user

(Cisco Controller) >transfer upload password my-os-password

(Cisco Controller) >transfer upload serverip 192.168.1.10

(Cisco Controller) >transfer upload path /Users/my-osx-user/

(Cisco Controller) >transfer upload filename wlc.config

(Cisco Controller) >transfer upload datatype config

(Cisco Controller) >transfer upload start

Mode............................................. SFTP
SFTP Server IP................................... 192.168.1.10
SFTP Server Port................................. 22
SFTP Path........................................ /Users/my-osx-user/
SFTP Filename.................................... wlc.config
SFTP Username.................................... my-osx-user
SFTP Password.................................... *********
Data Type........................................ Config File 
Encryption....................................... Disabled

                                                          **************************************************
                            ***  WARNING: Config File Encryption Disabled  ***
                                                                              **************************************************


Are you sure you want to start? (y/N) y

SFTP Config transfer starting.

File transfer operation completed successfully.

(Cisco Controller) >

While the link points to WLC 6.0, the example was run on 7.4.

Cisco – Automate configuration backup (every minute) in Cisco IOS

You have several options to get this type of functionality on a Cisco device. (Which one you use depends on your needs and sometimes on the device and IOS load. Some older devices/IOS loads will have different capabilities.)

EDIT: You are asking about doing this every one minute, which as you found out in our chat about this question, will bog down your router. (Especially in GNS3.) The below options are available to you for automating confirguation backup, however I would not recommend doing so every 1 minute.

You could either:

Use Cisco's Kron functionality for command scheduling. This will allow you to execute predefined commands on a scheduled basis. As you pointed out, copy run tftp requires file prompt confirmation. (Unless you've turned off file prompt confirmation, however I don't recommend it as a normal setting.) Redirecting does not require confirmation. So the command used in the scheduler is show run | redirect tftp://$SERVERIP/$PATH/$FILE
Use Cisco's Archive functionality for configuration management. Archive is a way to store multiple copies of the config in a sequential fashion and roll back configs if needed to a previous version. Copying out with Kron overwrites the previous config, while Archive allows you to keep up to 14 different config versions in the specified location. See this link on the Cisco Learning network for more useful info on Archive. Specifically how to dynamically set the filename with the $h and $t tags.

In either of the below samples, you can adjust the times to your needs, these are just what I quickly pulled out of some production gear.

Sample config to have Kron write config and back it up to a tftp server once a week:

kron occurrence SaveConfig at 23:50 Mon recurring
policy-list SaveConfig
!
kron occurrence BackupRunningConfig at 23:55 Mon recurring
policy-list BackupRunningConfig
!
kron policy-list SaveConfig
cli write
!
kron policy-list BackupRunningConfig
cli show running-config | redirect tftp://10.10.10.10/configs/testswitch.txt

Sample config to have Archive back up your config to a tftp server daily:

archive
 path tftp://10.10.10.10/configs/$h-$t
 time-period 1440
 maximum 14

Best Answer

Related Solutions

Cisco – n automatable way to backup the configuration from a WLC 2504 controller

Cisco – Automate configuration backup (every minute) in Cisco IOS

Related Topic