Adapter
Adapter for Integration to Cisco Viptela
Overview
This adapter is used to integrate the Itential Automation Platform (IAP) with the Viptela System. The API that was used to build the adapter for Viptela is usually available in the report directory of this adapter. The adapter utilizes the Viptela API to provide the integrations that are deemed pertinent to IAP. The ReadMe file is intended to provide information on this adapter it is generated from various other Markdown files.
Details
The Cisco Viptela adapter from Itential is used to integrate the Itential Automation Platform (IAP) with Cisco’s Viptela controller to offer a cloud-scalable SD-WAN solution for configuration, orchestration and monitoring of an overlay network. Viptela fits within the overall Cisco Digital Network Architecture (Cisco DNA) to complement its platform for WAN optimization, automation, virtualization and analytics.
With this adapter you have the ability to perform operations with Cisco Viptela such as:
- Configure and Manage Cisco Devices in the Cloud.
- Add and Remove Devices to Inventory: Through IAP, a new device can be added to the network inventory so that it can be managed by Ansible Manger. A device that is no longer utilized from the network inventory can also be removed through IAP.
- Perform Pre and Post Checks: IAP allows for the ability to perform pre and post checks of a device configuration when making modifications to the device.
- Device Configuration Assurance: IAP can back up the configuration on the device in a native format that can be restored to the device if there are issues.
- Template
- Policy
- Alarm
For further technical details on how to install and use this adapter, please click the Technical Documentation tab.
Cisco Viptela
Table of Contents
Specific Adapter Information
Authentication
This document will go through the steps for authenticating the Viptela adapter with Dynamic Token Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication HERE.
Viptela uses Basic Auth to get a Session AND Token. The adapter will extract the session information out of the Cookie and return that information on the Cookie in all future requests. In addition, the token will be placed into the X-XSRF-TOKEN header in all future request. In addition to the session and token, the Basic Auth is required not only to get the token but on all future requests.
Companies periodically change authentication methods to provide better security. As this happens this section should be updated and contributed/merge back into the adapter repository.
Dynamic Token Authentication
The Viptela adapter authenticates with a dynamic token.
STEPS
- Ensure you have access to a Viptela server and that it is running
- Follow the steps in the README.md to import the adapter into IAP if you have not already done so
- Use the properties below for the
properties.authenticationfield"authentication": { "auth_method": "request_token", "username": "<username>", "password": "<password>", "token_timeout": 180000, "token_cache": "local", "invalid_token_error": 401, "auth_field": [ "header.headers.Cookie", "header.headers.X-XSRF-TOKEN", "header.headers.Authorization" ], "auth_field_format": [ "JSESSIONID={token}", "{tokenp2}", "Basic {b64}{username}:{password}{/b64}" ], }you can leave all of the other properties in the authentication section, they will not be used for Viptela dynamic token authentication.
- Restart the adapter. If your properties were set correctly, the adapter should go online.
Troubleshooting
- Make sure you copied over the correct username and password as these are used to retrieve the token.
- Turn on debug level logs for the adapter in IAP Admin Essentials.
- Turn on auth_logging for the adapter in IAP Admin Essentials (adapter properties).
- Investigate the logs - in particular:
- The FULL REQUEST log to make sure the proper headers are being sent with the request.
- The FULL BODY log to make sure the payload is accurate.
- The CALL RETURN log to see what the other system is telling us.
- Credentials should be masked by the adapter so make sure you verify the username and password - including that there are erroneous spaces at the front or end.
- Remember when you are done to turn auth_logging off as you do not want to log credentials.
Sample Properties
Sample Properties can be used to help you configure the adapter in the Itential Automation Platform. You will need to update connectivity information such as the host, port, protocol and credentials.
"properties": {
"host": "localhost",
"port": 443,
"choosepath": "",
"base_path": "/dataservice",
"version": "",
"cache_location": "none",
"encode_pathvars": true,
"encode_queryvars": true,
"save_metric": false,
"stub": true,
"protocol": "https",
"authentication": {
"auth_method": "request_token",
"username": "username",
"password": "password",
"token": "token",
"token_timeout": 180000,
"token_cache": "local",
"invalid_token_error": 401,
"auth_field": [
"header.headers.Cookie",
"header.headers.X-XSRF-TOKEN",
"header.headers.Authorization"
],
"auth_field_format": [
"JSESSIONID={token}",
"{tokenp2}",
"Basic {b64}{username}:{password}{/b64}"
],
"auth_logging": false,
"client_id": "",
"client_secret": "",
"grant_type": "",
"sensitive": [],
"sso": {
"protocol": "",
"host": "",
"port": 0
},
"multiStepAuthCalls": [
{
"name": "",
"requestFields": {},
"responseFields": {},
"successfullResponseCode": 200
}
]
},
"healthcheck": {
"type": "none",
"frequency": 60000,
"query_object": {},
"addlHeaders": {}
},
"throttle": {
"throttle_enabled": false,
"number_pronghorns": 1,
"sync_async": "sync",
"max_in_queue": 1000,
"concurrent_max": 1,
"expire_timeout": 0,
"avg_runtime": 200,
"priorities": [
{
"value": 0,
"percent": 100
}
]
},
"request": {
"number_redirects": 0,
"number_retries": 3,
"limit_retry_error": 0,
"failover_codes": [],
"attempt_timeout": 10000,
"global_request": {
"payload": {},
"uriOptions": {},
"addlHeaders": {},
"authData": {}
},
"healthcheck_on_timeout": false,
"return_raw": false,
"archiving": false,
"return_request": false
},
"proxy": {
"enabled": false,
"host": "",
"port": 1,
"protocol": "http",
"username": "",
"password": ""
},
"ssl": {
"ecdhCurve": "",
"enabled": true,
"accept_invalid_cert": true,
"ca_file": "",
"key_file": "",
"cert_file": "",
"secure_protocol": "",
"ciphers": ""
},
"mongo": {
"host": "",
"port": 0,
"database": "",
"username": "",
"password": "",
"replSet": "",
"db_ssl": {
"enabled": false,
"accept_invalid_cert": false,
"ca_file": "",
"key_file": "",
"cert_file": ""
}
},
"devicebroker": {
"enabled": true,
"getDevice": [
{
"path": "/device",
"method": "GET",
"query": {},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "data",
"responseFields": {
"name": "{host-name}",
"ostype": "{device-type}",
"ostypePrefix": "viptela-",
"port": "{platform}",
"ipaddress": "{system-ip}"
}
}
],
"getDevicesFiltered": [
{
"path": "/device",
"method": "GET",
"pagination": {
"offsetVar": "",
"limitVar": "",
"incrementBy": "limit",
"requestLocation": "query"
},
"query": {},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "data",
"responseFields": {
"name": "{host-name}",
"ostype": "{device-type}",
"ostypePrefix": "viptela-",
"port": "{platform}",
"ipaddress": "{system-ip}",
"id": "{deviceId}"
}
}
],
"isAlive": [
{
"path": "/device",
"method": "GET",
"query": {},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "data",
"responseFields": {
"status": "{reachability}",
"statusValue": "reachable"
}
}
],
"getConfig": [
{
"path": "/device/config",
"method": "GET",
"query": {
"deviceId": "{id}"
},
"body": {},
"headers": {
"Accept": "*/*"
},
"handleFailure": "ignore",
"requestFields": {
"id": "{id}"
},
"responseDatakey": "",
"responseFields": {}
}
],
"getCount": [
{
"path": "/device",
"method": "GET",
"query": {},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "data",
"responseFields": {}
}
]
},
"cache": {
"enabled": false,
"entities": [
{
"entityType": "device",
"frequency": 3600,
"flushOnFail": false,
"limit": 1000,
"retryAttempts": 5,
"sort": true,
"populate": [
{
"path": "/device",
"method": "GET",
"pagination": {
"offsetVar": "",
"limitVar": "",
"incrementBy": "limit",
"requestLocation": "query"
},
"query": {},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "data",
"responseFields": {
"name": "{host-name}",
"ostype": "{device-type}",
"ostypePrefix": "viptela-",
"port": "{platform}",
"ipaddress": "{system-ip}",
"id": "{deviceId}"
}
}
],
"cachedTasks": [
{
"name": "",
"filterField": "",
"filterLoc": ""
}
]
}
]
}
}