4. 5.1 vManage Certificate Administration
Let us start this section with 5.1. In 5.1 we have to do the certificate management from the API. So what does that mean? You can go to vManage. Once you are inside vManage, you can see that inside Configuration we have Certificates. Once you are inside Certificates, you have various tasks that you can do. Not only this, but apart from that, things related to the CSR and the root CA we can also go and manage from the API docs. So we know that if I go here and type apidocs, the API document will open. Once you open the API document, you can search for Certificate Management. Once you are inside Certificate Management, you can see that we have various POST and GET operations that we can perform. We even have the DELETE option as well.
There is one DELETE option: delete the certificate, and then you give the UUID. Now here you can see that the POSTs start with certificate generate enterprise CSR vEdge, then certificate view, which will receive the certificate. So the first one is to generate the CSR, then certificate save vSmart list, then retrieve the vSmart list, etc. So suppose I go to the first option; here you can see certificate generate enterprise CSR vEdge. And now the question is whether inside the box you are using the enterprise CA or not. So suppose I go inside Administration and Settings; here you can see the recommended option that we are getting under WAN Edge Cloud Certificate Authorization.
Let me show you that. The recommended one is actually the Cisco-signed certificate. So let me close this one. Controller Certificate Authorization; I will come to the WAN edge one as well. So there are basically two types of certificate. One is for when you have your controller setup. Now what is happening is that most customers are setting up the controllers in the cloud. Once you are doing this cloud-hosted controller setup, you have options: you want the Cisco automated certificate, or the Symantec one, or manual, where you have to do the manual installation of the certificate. Or if your company has its own enterprise root certificate, then you can use that as well. Correct. Now the recommended one is Cisco.
Now once you do that, obviously you have to sync this with the Smart Account, and there is a complete process that you have to follow. So you should have your Smart Account, where you will go and put the serial number. Then you have to put the controller information there. Now, that Smart Account controller information, where the controller is actually nothing but the vBond, so that vBond information should sync with vManage. I’ll show you inside vManage how we can sync that. So then whatever device list you upload there will get synced with vManage. And it is something like the PnP process in terms of certification, syncing of the certification. So now here you can say that if you want to do this option, that is the recommended one, although you have the Symantec option as well. Now that’s the note. So now if you have the cloud-hosted controller, Cisco will do most of the part, and then they will send you an email asking you to follow these steps to bring up, say for example, vManage, vBond, etc.
Okay, so what you are doing is going here, and again there are steps. Let me tell you all the steps. First of all, you have to go and add the Smart Account details. That is step number one. Then what you will do is go here, although they will give you a four-to-five-step document that you have to follow. Then you can go ahead and make this the Cisco one. Then you have to go inside Configuration and Certificates and go to the controllers one by one. In all those controllers, just generate the CSR. Once you generate the CSR and then log into the Smart Account certificate, you’ll find that all the CSRs have actually been synced behind the scenes. So you can see there are a lot of things. And now Cisco has given the option for the TLS proxy as well. Now, suppose you have an enterprise CA and you want to use it as the proxy, you can use it. So there is a lot related to certification. The easiest one is when you want to do everything in an automated fashion. If you have the cloud-hosted controller, you simply go here and choose the Cisco one, or maybe the Symantec one; the recommended one is Cisco.
And then for the edge devices, that will be automated by default. Now for the hardware devices, because you have already put the information in the PnP portal, it will do the certification process automatically. There is no problem in that. If you have the enterprise CA here, you can go and do that. See, this is the recommended one. So your enterprise has its CA certificates, and from there it will go and sync. So plan how you are going to do the certification, because at the end of the day, security is one of the key factors in deploying SDWAN. All right, so these are the options you have here, and finally, if you go to the devices, once you’re in the devices, you can see that you can go and sync the Smart Account, correct. So that was the option where PnP will get synced here if you go and click here, right, so let me not do this thing. Let’s go back to the API, because we are very much focused on the API. So at the moment I don’t have an enterprise CSR, so suppose I want to see the certificate. Here you have the certificate view. Here you have the API, and let me open a new tab so I can show you in the new one. Now, here there are some token-related issues.
The important thing here is that whatever APIs you are seeing, you have to go and check them, because not all the APIs will work. And suppose you want to use these APIs and you have any problem related to that, you simply raise a case with Cisco and tell them that these are the APIs we are looking for, or this is the operation I’m looking for, which is not working. If you go and check all these APIs, although there is a long list, the usable APIs will be maybe four or five in a list of maybe 15. All right, so here you can see that we are getting the result, and in this result we are basically focused on the data column. So here you can see the vBond-related information: the vBond, the serial number, the NCS number, the configuration template; we have a long list of information, and here you can see the certificate. Here you can see the enterprise certificate.
So in this option, whatever required things I’m looking for are coming, correct. And here you can see all these detailed steps, like the template apply log; these things are actually very hard to get. Actually it’s not possible to get them from the CLI. You don’t have any CLI commands for these things that you are seeing here; otherwise you have to go behind the scenes. You have to go to the shell prompt, and from there you have to go and check the logs, the certificate-related logs, and then you’ll get this information, correct. Great, let’s check the others as well. So after that you can see that you can check the vSmart list, and then you can check again. Both are almost the same. Retrieve the vSmart list: if I go and run this also, here you can see the vSmart list. And what was this? This was also the same, and here you can see the vSmart list. So the POST and GET methods that you’re seeing here are both the same. Then you can go and check the save vSmart list. In some places you are seeing this body; what is this?
This is something like a POST-related query body, which you can understand in the upcoming section where we want to post something via the Python API. So those things are there. Whenever you are doing the POST method, it is better to use the Python way to do it. But still, at this point of time it is recommended that you use the vManage GUI to do all types of POST. Because anyway the vManage GUI is sufficient, and most of the things that you could otherwise do from the API POST are already automated inside the vManage GUI. So the alternative to API POST is vManage, or if you want to do it fast, you can use Python programming as well. So again we can see this vEdge list. And if you go here and check this, you will find the response 200, which means that is good. And then you can carry forward and go and paste this here. So let me go and paste this output here; I can go and paste this query, and again you can see the data. Data is the important one.
So the vEdge, the serial number, the NCS. If the font is small, I can go and click and it will become bigger. And if you want to filter something, we even have the filter option as well; we can go and filter. So here one by one, if I go to data zero, and then you can see one, then you can see the other vEdge, then another vEdge, then another vEdge. Likewise we are getting all zero to four certificate details. Correct. Again vEdge is the same. Then force sync the root cert if you want. If you want to reset the RSA, you can use vManage. What that means is, once you are inside Configuration and Certificates, you can regenerate the CSR. So the option is there. If you have done the manual installation, and even in automated as well, you have this generate the CSR or reset the RSA. So these options are there that you can go and use. Once you do that, and again you want to use the certificate for the recertification process, the certificate record is there; you can go and check the certificate record as well.
So most of the things have been automated. Still, a few of the things are not as expected. That we can check with Cisco as well, that we are looking for these APIs which are not working. So they will help you in those places. Already you can see all the certificates installed and the information about them. Correct. Great. Then the rest of the certificates: this device list, we have already seen the CSR details, you can get the device details, you can get the root certificate. Again it will tell you about the root certificate; at least for documentation purposes it is good. And here you can see the root certificate. Here also you can check the output. So here you can see this is the output, and the best output we can get is in Mozilla. So again, if I copy this and paste it into Mozilla, let me go and paste the root certificate. And here you can see that root certificate. Correct. So see the power of APIs: you are getting the information within a fraction of a second, the moment I go and click.
5. 5.2 SDWAN API integration with Python Part 01
Now we reach section 5.2, where we have to learn and understand the API integration with Python, or how we can convert this SDWAN API into a Python script. And then we can get the device inventory and other information. So let me quickly show you some of the URLs where you can go and get the reference. First of all, the good reference point is https://developer.cisco.com. Now if you go there, you can go and check, say for example, this particular URL that we are seeing here. The way is that you go to developer and check with SDWAN, or search with SDWAN. Then you will get multiple links, correct? Now here you can see: why SDWAN, why use it, what is it, the SDWAN overview, what is the Cisco SDWAN REST API, where you will get all this documentation, and how this looks. Each and every piece of information you’ll get. At least you will get the start. This can be a good starting point. You will get the good documents related to the SDWAN REST APIs.
Now, coming back to DevNet. So here you can see this developer.cisco.com, where you can go and check other stuff as well related to SDWAN APIs and others. And here you can see clearly that you have, say for example, the intro to the SDWAN REST API. Then you can see the REST API with Postman, then Python. Now, we are very much looking for the REST API with Python topic that I will show now. But you can go and reserve the labs as well. So here you can see that we have the SDWAN sandboxes. We have SDWAN always-on sandboxes as well. So if you click there, you will get the controllers, you’ll get the edge devices, and you can reserve that lab with your company email address, if your company has at least the basic partnership, because there are so many different types of partnerships with Cisco.
So if you are using Cisco products and you have the partnership with Cisco, then you can go and use the sandboxes. You have to go there, click, and reserve it; you’ll get one email, you’ll get the Cisco AnyConnect link, you can log in, and then you can access those devices, correct. So you can utilize that. Now, once you go inside this topic number three, that is the REST API Python integration, this will explain to you what this integration looks like. And first of all, it will start with the very basics, meaning what the steps are that we have related to API and Python integration. I’ll even show you this code here as well. So let me go here if I can.
So I have the access here in my library, and I’ll show you how I have built this. So, if I go here and check, say, sdwan.py. Here on top you can see that you have this code where you are importing certain modules. So for example requests, json, click, os, tabulate, all of these. So what tabulate will do, why you are importing json, what requests is, each and every thing; apart from that, this ignore message related to the urllib3 disable-warnings line, then the username and password, what this section will do, why we have these sections.
This information you will get from here. Okay, so the code obviously I will post with the course. But you should know the basics of how, with this Python program, we are actually creating the library. Actually we are not creating the library, but we are calling the API library inside the Python program. Now once you call the API library inside the Python program, the Python program can do the query, like we are doing the query with the URL, with Mozilla or Firefox, et cetera. But the Python program can do the query, and then it will get the result in JSON format. So here you can see that first of all you should log in, ignoring some of the certificate messages. Once you go and log in to the device, then you should have the library, correct. Now once you have the library, here you can see that whenever we are running the API we are using dataservice, correct? After dataservice you can give any of the other things, like devices or certificate or anything. Now this library that we have here in the program will do all the things.
So it is related to GET, PUT, POST, everything. Now mostly we are focusing on the GET method, because we want to do the monitoring, we want to do the retrieval of data. So for example, once you log in, here you can see the GET request with this vManage IP, and once you have logged in, then what do you want to do? So here we have the definition related to POST as well. Obviously you have the request definition with GET as well. POST means obviously you want to create an object. GET means you just want to see the information. Here you can see that you have the GET definition as well. And from where we can get this code, I will show you that as well. So once you are familiar with the top part, meaning how to log into the device. So first of all, how to use the library function. So once you know what functions we need: these are the library functions and the calls, then how you are going to log in to the device. Then you can go and build different types of functionality, correct? So for example the device list; I will come back to that device list, but slowly you can go and build it, correct. Now, while building these libraries, let me go to the next one; you can see the REST API library, so login, get request, post request, and here we have the library. Then the very important point is that you have the library. Now, once you have the library, you can integrate with the API. So you can run the API and get the API results. The API results we are getting are in JSON format. Now, that JSON I can take into Python and convert the information into some sort of table format. Correct. Now, if you want to get the code, here you can see Getting started with Cisco SDWAN on GitHub. This place you have to go and check properly, meaning we should follow this particular link step by step. If you are building REST code, this can be a very good starting point. So here, if you go ahead.
6. 5.2 SDWAN API integration with Python part 02
All right. So we are at this URL. If you go there, you will get these step-by-step things on how you want to clone this. So here you can see, I can go and do git clone in my automation system. And I can clone this program. Then I can go inside the directory. And then if I want a virtual environment, I can use that virtual environment. And then it will work. Now, the important thing here is that there are some requirements in this, meaning you need tabulate, requests and all those things that you want to go and check from here. Then you should give the IP and the username and password, meaning you can set these as environment variables. And then this program will be good to run. Here is some output just for reference and how this program looks. So, let me quickly show you how this program looks. So here you can see that I have my program in Sublime. And this will start like this. Then you should go and define the API library.
Once you define that, you can go and create the function. So here you can see that I’m using this device list, because that’s the requirement for this section. What am I taking in the device list, what are the keys I’m taking? So, the host name, the device type, device ID, system IP, et cetera. Now, it’s very interesting and important how you want to print this, correct? So what we are doing here, see, is that we have our API. So our API is this device. And here you can see, if you go and check, this request is equal to json.loads of the SDWAN get_request for device. So, this device is not just device, but this is your vManage IP, then dataservice. So, up to dataservice, we have the API built. And obviously you’re putting in the vManage IP; you’re setting it as an environment variable. Then after dataservice, whatever you put, correct, that will be the complete API call. So https, the vManage IP, the port number, dataservice and then device. So that means you’re calling the API. What information you are extracting from the API is this information. So, I’m extracting this information, but how am I printing it?
So here you can see that we have the for loop over the items. So here you can see these items. So I am taking the item inside the items. And then I am storing it inside this tr. How am I storing it? So host name, and likewise I’m printing as well. So host name, the device ID, and they should not be the same. This is the format I actually want to print. So what are the things I am printing? This information inside the device list. Now, what are the things we are doing once we are running the API, once we are storing those API results? This is the output format that I have. And once I’m running this for loop, meaning I’m storing the JSON, then I am printing this JSON in the table format, correct? So this table format, and again we have the fancy grid and all; how it will work and how it looks, you will see. So I will go and run this. Now, in this particular function that we have, let me go down a little bit. So I have this function called device_list. That’s it. If I go and print up to here, it will work. But I have added a few more API calls as well. Suppose I want device and controller information, so for that information I have added one; then suppose I want other information as well, like system, device and vEdge devices, where you get the device type, the serial number, when the device is created, validity, et cetera, if I want that information.
So for that also, I have built this; inside this, I have actually called three APIs, taking the input in JSON format. And then I’m going to print it. The same thing you will see here as well in the program, but because the font is smaller, that’s why I have shown you there in Sublime. All right? So once we have that program up and running, and here you can see this is not time looking for the device list I’m looking for. So here we have the device list. Although in this program that we are seeing here, I have only one call, correct? Because this is exactly the copy that we have in the Getting started with Cisco folder from GitHub. So, what I can do here, let me do this quickly. I can go out from here and then I can create, say, nano newest. And I know the font is a bit small, but I have just given a name, and then I can go to this place.
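The login, GET request and table steps described in this section, as an added example that is not the course's or Cisco's sample code. It takes the HTTP session as a parameter and formats the table with plain string operations instead of tabulate, so it runs offline; `VManageClient`, `VManageError`, `device_table` and `FakeSession` are names chosen here, and the host, port and device record are constructed values.

```python
import json
from types import SimpleNamespace

class VManageError(Exception):
    """vManage returned something other than the expected JSON."""

class VManageClient:
    """`session` is any object with requests.Session-style post()/get(); in real
    use pass a requests.Session whose `verify` names the CA bundle for the
    vManage certificate (assumption: requests is the HTTP library in use)."""
    def __init__(self, host, port, session):
        self.base = f"https://{host}:{port}"
        self.session = session

    def login(self, username, password):
        resp = self.session.post(f"{self.base}/j_security_check",
                                 data={"j_username": username, "j_password": password})
        # A rejected login still comes back as HTTP 200 with an HTML login
        # page, so the status code alone does not prove authentication.
        if resp.status_code != 200 or b"<html" in resp.content.lower():
            raise VManageError("login failed")

    def get_request(self, mount_point):
        url = f"{self.base}/dataservice/{mount_point}"
        resp = self.session.get(url)
        if resp.status_code != 200:
            raise VManageError(f"HTTP {resp.status_code} from {url}")
        try:
            body = json.loads(resp.content)
        except ValueError as exc:
            raise VManageError(f"non-JSON reply from {url}") from exc
        if not isinstance(body, dict) or "data" not in body:
            raise VManageError(f"no 'data' key in reply from {url}")
        return body["data"]  # the "data" column the GUI API docs show

COLUMNS = [("Host-Name", "host-name"), ("Device Type", "device-type"),
           ("Device ID", "uuid"), ("System IP", "system-ip")]

def device_table(items):
    """Render the selected keys of each device record as a text table."""
    rows = [[title for title, _ in COLUMNS]]
    rows += [[str(item.get(key, "-")) for _, key in COLUMNS] for item in items]
    widths = [max(len(row[i]) for row in rows) for i in range(len(COLUMNS))]
    lines = [" | ".join(c.ljust(w) for c, w in zip(row, widths)).rstrip() for row in rows]
    lines.insert(1, "-+-".join("-" * w for w in widths))
    return "\n".join(lines)

class FakeSession:  # constructed offline stand-in for requests.Session
    def __init__(self, password):
        self.password, self.urls = password, []
    def post(self, url, data=None):
        page = b"" if data["j_password"] == self.password else b"<html>login</html>"
        return SimpleNamespace(status_code=200, content=page)
    def get(self, url):
        self.urls.append(url)
        rec = {"host-name": "vsmart-1", "device-type": "vsmart",  # constructed record
               "uuid": "00000000-0000-0000-0000-000000000001", "system-ip": "10.0.0.3"}
        body = json.dumps({"data": [rec]}).encode()
        return SimpleNamespace(status_code=200, content=body)

if __name__ == "__main__":
    client = VManageClient("vmanage.example.test", 8443, FakeSession("pw"))
    client.login("admin", "pw")
    print(device_table(client.get_request("device")))
```

Other mount points under dataservice are passed to `get_request` the same way; POST calls are left out here.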