Topic: tech juniper ijaut prev next

tech juniper ijaut > 10: Junos REST API

Introduction to Junos Platform Automation and Devops

Module 10: Junos REST API

Overview

No client context is stored on the REST API server. Hence, a REST API is stateless.

Junos 14.2 and later support a REST API enabled through device configuration. The default port is 3000 for HTTP and 3443 for HTTPS. The addresses are optional. The API currently supports IPv4.

set system services rest http
set system services rest http port 3030
set system services http addresses [ x.x.x.x y.y.y.y ]

A certificate should be generated to enable HTTPS access.

request security pki generate-key-pair certificate-id REST_CERT
request security pki local-sertificate generate-self-signed certificate-id REST_CERT subject CN0vmx01 domain0name vmx-1.edu.junipert.net
configure
set system services rest https server-certificate REST_CERT
set system services rest https port 4334

Access can be restrictied by source IP address and number of simultaneous connections.

Querying the Junos REST API

Basic HTTP authentication is required for all Junos REST API requests. Data can be returned in HTML, XML, JSON or plain text formats. The default return format is XML.

curl -k -u "username:password" https://.../rpc/get-interface-information

The ‘-k’ option bypasses HTTPS certificate checking.

Use the ‘format’ attribute to change the return format. Attributes are prefixed with ‘@’, e.g.;

curl -k -u "username:password" https://.../rpc/get-interface-information@format=text?interface-name=ge-0/0/0&terse=0

It is possible to send multiple RPC’s in one HTTP/HTTPS requrest by making a POST request.

curl -k -u "username:password" "https://.../rpc" -d "
    <get-interface-information<terse /></get-interface-information>
    <get-bgp-summary-information/>"

Additional debugging can be enabled. Because the JUISE processes are executed inside a chroot environment for security, the log files are written to the /var/chroot/rest-api/var/log/lighttpd and /var/chroot/rest-api/var/log/juise directories on the device.

set rest traceoptions flag lighttpd
set rest traceoptions flag juise
set rest traceoptions flag all

REST API Explorer

To enable the explorer;

set system services rest enable-explorer

After committing the configuration, open the API location in a browser.

Here is an example script to check whether Telnet and FTP are enabled on a device.

response = requests.post(
    "http://{}:3000/rpc".format(device),
    data=CONFIG_FILTER,
    auth=requests.auth.HTTPBasicAuth(USER, PASSWORD),
    headers=("Accept": "application/xml", "Content-Type": "application/xml")
)

XML_lines = "\n".join(response.text.splitlines()[3:-1])
resp_XML = stree.fromstring(XML_lines)

telnet_enabled = len(resp_XML.xpath("configuration/system/services/telnet")) != 0
ftp_enabled = len(resp_XML.xpath("configuration/system/services/ftp")) != 0