{"id":2066,"date":"2024-10-17T14:35:13","date_gmt":"2024-10-17T18:35:13","guid":{"rendered":"https:\/\/enterpriseadmins.org\/blog\/?p=2066"},"modified":"2024-10-17T14:35:13","modified_gmt":"2024-10-17T18:35:13","slug":"automating-cluster-management-with-aria-operations-api","status":"publish","type":"post","link":"https:\/\/enterpriseadmins.org\/blog\/scripting\/automating-cluster-management-with-aria-operations-api\/","title":{"rendered":"Automating Cluster Management with Aria Operations API"},"content":{"rendered":"\n

As part of routine maintenance, it is sometimes necessary to take an Aria Operations cluster offline. For example, it is recommended to take the cluster offline to perform backups (https:\/\/docs.vmware.com\/en\/VMware-Aria-Operations\/8.12\/Best-Practices-Operations\/GUID-1D058B4A-93BA-44D1-8794-AE8E1B96B3E4.html<\/a>).<\/p>\n\n\n\n

Since most folks want to schedule backups, it is important to be able to leverage automation to take the cluster offline. There is an cluster management API document at https:\/\/ops.example.com\/casa\/api-guide.html<\/a> that has some details on how to do this.<\/p>\n\n\n\n

Authentication<\/h2>\n\n\n\n

When logging into this API, I provided the admin username\/password combination. Here is an example of checking the cluster state using that method:<\/p>\n\n\n\n

$creds = Get-Credential\n(Invoke-RestMethod -URI https:\/\/ops.example.com\/casa\/sysadmin\/cluster\/online_state -Credential $creds).cluster_online_state_snapshot<\/code><\/pre>\n\n\n\n
However, I’d prefer to use a centrally managed service account in Active Directory for such tasks. The ability to do this was first introduced in vRealize Operations 8.6 (doc<\/a>) and still exists in Aria Operations 8.18 (doc<\/a>). It depends on a separate Active Directory configuration \/ definition than the one in the product UI. The links provided show where\/how to configure this identity provider from the \/admin<\/code> interface.  Here is a screenshot showing this configuration:<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
Once Active Directory is configured for admin operations, we need to change our API authentication slightly to be able to use it. In the original example, we provided our username & password as a powershell credential object. In this example, we’ll end up with an extra API call to authenticate, then use the resulting bearer token as a header when checking the status. A code sample is below, but you’ll notice the authorization header that passes vrops-ldap<\/code> along with base64 encoded username (as an AD userPrincipalName), colon, and password to an authorize<\/code> resource. That resource will return a token that we’ll provide as a header to check the cluster status.<\/p>\n\n\n\n
$b64 = [System.Convert]::ToBase64String([System.Text.encoding]::ASCII.GetBytes(\"h267-opsbu@lab.enterpriseadmins.org:VMware1!\"))\n\n$authorize = Invoke-RestMethod -Uri 'https:\/\/ops.example.com\/casa\/authorize' -Method Post -ContentType 'application\/json' -Headers @{Authorization=\"vrops-ldap $b64\"; Accept='application\/json'}\n\n(Invoke-RestMethod -URI https:\/\/ops.example.com\/casa\/sysadmin\/cluster\/online_state -Headers @{Authorization=\"Bearer $($authorize.accessToken)\"; Accept='application\/json'} -ContentType 'application\/json').cluster_online_state_snapshot<\/code><\/pre>\n\n\n\n
Taking the cluster offline<\/h2>\n\n\n\n
With the authentication sorted out above, we can now post to this API to take the cluster offline.  You’ll notice that we set the state to offline and provide a reason why.  The example uses the same bearer token that we created in the above example.<\/p>\n\n\n\n
$body = @{ 'online_state'='OFFLINE'; 'online_state_reason'='Lets back this thing up.'} | convertto-json\nInvoke-RestMethod -URI https:\/\/ops.example.com\/casa\/sysadmin\/cluster\/online_state -Body $body -Method POST -ContentType 'application\/json'  -Headers @{Authorization=\"Bearer $($authorize.accessToken)\"; Accept='application\/json'}<\/code><\/pre>\n\n\n\n
The above example submits a request to take the cluster offline but returns immediately after doing so.  In the URI we could provide a ?async=false<\/code> so that our command waits until completion.  Another option would be to submit an async request (default), then create a loop to periodically check the cluster state using the prior ‘get’ request until the cluster is offline.  I prefer the periodic polling option, as you can code in your own counter\/timing\/failure logic as needed.<\/p>\n\n\n\n
If you check out the docs at \/casa\/api-guide.html, you’ll also see examples of setting the “Show reason on maintenance page” checkbox via the JSON body.<\/p>\n\n\n\n
Bring the cluster back online<\/h2>\n\n\n\n
After our maintenance \/ backup task is complete, we’ll want to bring the cluster back online.  In this example we don’t need to provide a reason in our body.<\/p>\n\n\n\n
$body = @{ 'online_state'='ONLINE'} | convertto-json\nInvoke-RestMethod -URI https:\/\/ops.example.com\/casa\/sysadmin\/cluster\/online_state?async=false -Body $body -Method POST -ContentType 'application\/json' -Headers @{Authorization=\"Bearer $($authorize.accessToken)\"; Accept='application\/json'}<\/code><\/pre>\n\n\n\n
In this example I’m using the ?async=false<\/code> so that the API call doesn’t return until the cluster is back online.  Again, we could opt to use the default async request and periodically poll the service if we’d like.  <\/p>\n\n\n\n
Conclusion<\/h2>\n\n\n\n
The casa<\/code> API is very useful for automating cluster management tasks.  This article focuses on a few examples related to cluster state changes and authentication, but the API supports many other things, like PAK file uploads, NTP & certificate management, and even the configuration of AD authentication.  You should check out \/casa\/api-guide.html on an Aria Operations node for more examples. <\/p>\n","protected":false},"excerpt":{"rendered":"
As part of routine maintenance, it is sometimes necessary to take an Aria Operations cluster offline. For example, it is recommended to take the cluster offline to perform backups (https:\/\/docs.vmware.com\/en\/VMware-Aria-Operations\/8.12\/Best-Practices-Operations\/GUID-1D058B4A-93BA-44D1-8794-AE8E1B96B3E4.html). Since most folks want to schedule backups, it is important … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9,3,4],"tags":[],"class_list":["post-2066","post","type-post","status-publish","format-standard","hentry","category-lab-infrastructure","category-scripting","category-virtualization"],"_links":{"self":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/2066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/comments?post=2066"}],"version-history":[{"count":5,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/2066\/revisions"}],"predecessor-version":[{"id":2075,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/2066\/revisions\/2075"}],"wp:attachment":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/media?parent=2066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/categories?post=2066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/tags?post=2066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}