A10 Harmony API

A10 HarmonyTM Controller is the central management platform for A10 products. The controller exposes APIs for all the configuration and management tasks as well getting analytics data. These APIs are called A10 Harmony API.

A10 Harmony API provide RESTful interface and use JSON as data exchange format. All API calls work on secure HTTP (HTTPS) protocol and is authenticated. API micro-service of Harmony Controller serves the APIs. This is different from the micro-service that serves Harmony Portal. Base URL of API server must be prepended to the URI of the specific API before making the API call.

<API Server URL>/<API URI>
https://api.a10networks.com/api/v2/session

In this example,

API Server URL:https//api.a10networks.com/api/v2
API URI:/session

The Basics

A10 Harmony API follow the principles of REST APIs and have objects and their properties. Each object has a rest endpoint and support common methods GET, POST, PUT and DELETE.

REST Interface

GET call on the collection lists all the objects in the collection.

GET /{object_collection}
GET /applications

POST call on collection adds new object in the collection.

POST /{object_collection}
POST /applications

GET, PUT and DELETE calls on individual object read, update and delete the object respectively.

DELETE /{object_collection}/{object_name}
DELETE /applications/MyApp

For nested objects, URIs extend as per hirarachy.

GET /{parent_object_collection}/{parent_object_name}/{child_object_collection}/{child_object_name}
GET /applications/MyApp/hosts/default-host

Data Input

The APIs accept data in form of JSON objects. In this documentation, request object and well as JSON schema is provided for each API call. In some cases (mostly GET or DELETE calls), sending data may not be required.

{
  "name": "MyServiceEndpoint",
  "description": "Some Description"
 }

Headers

Other than standard HTTP headers, Harmony APIs require some customer headers. One custom header is used for authentication purpose. Other headers are required for Provider and Tenant information. Content-Type header is also required to be set to correct value (application/json) as input data is in JSON format.

'provider": MyProvider'
'Content-Type: application/json'
'Access-Control-Allow-Origin: controller.mydomain.com'

Authentication and Authorization

Each API call is authenticated and checked for authorization before it is accepted by the controller. Encrypted credentials of the user or a session token is required to be sent with each API call for the purpose of Authentication and authorization. This is done via “Authorization” header.

Two schemes of Authorization are supported - Basic and Session.

'Authorization: Basic YWtzaGF5QGFwcGNpdG8ubmV0OndlbGNvbWUxMjM='

Value of Basic Authorization header is constructed with base64 encoded value of user credential string. User credential string is created by concatenating username and password separated with a colon (:).

base64.encode('username:password')

Value of Session Authorization header is constructed with the session ID obtained from controller in return of a ‘sessions’ API call.

'Authorization: Session b9629bb9-1bae-4a03-a59e-2737246f7697'

Getting Started

Typical flow of working with APIs is:

  1. Create Session
  2. Call Required APIs
  3. Delete Session

Create Session

First step is to create a session with controller and obtain session ID. This session ID can now be used for making other calls. POST call on Sessions collection create a new session.

curl 'https://api.a10networks.com/api/v2/sessions' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Basic c29tZW9uZUBleGFtcGxlLm5ldDpwYXNzd29yZA==' \
-H 'provider: root' \
--data-binary '{"userId":"someone@example.net"}'

The newly created session object is returned in JSON format.

{
  "id" : "914cc8d1-3df0-4910-beea-6b0016ba626b",
  "providerId" : "067e6162-3b6f-4ae2-a171-2470b63dff00",
  "provider" : {
    "name" : "root",
    "id" : "067e6162-3b6f-4ae2-a171-2470b63dff00",
    "authenticationProvider" : {
      "type" : "default",
      "inheritable" : "optional"
    },
    "services" : [ ]
  },
  "authenticationProvider" : {
    "type" : "default",
    "inheritable" : "optional"
  },
  "userId" : "someone@example.com",
  "createdAt" : "Jul 28, 2017 09:02:09 AM UTC",
  "lastAccessedAt" : "Jul 28, 2017 09:02:09 AM UTC"
}

‘id’ from the session object will be used for session authentication in all subsequent calls. This session expires after 60 minutes of inactivity and required to be created again.

Call Required APIs

Sequence of APIs can be called to perform the required task. All these API calls can use the session authentication by including session id obtained in previous step as part of Authorization header.

curl 'https://api.a10networks.com/api/v2/roles' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 914cc8d1-3df0-4910-beea-6b0016ba626b' \
-H 'provider: root'

Any number of API calls can use the same session.

curl 'https://api.a10networks.com/api/v2/providers/root/tenants' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 914cc8d1-3df0-4910-beea-6b0016ba626b' \
-H 'provider: root'

Delete Session

Though the session automatically expires in 60 minutes, it is a good practice to delete the session after use. Calling session object’s URI with DELETE method deletes the session. After delete, session id can’t be used for session authentication.

curl 'https://api.a10networks.com/api/v2/sessions/914cc8d1-3df0-4910-beea-6b0016ba626b' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 914cc8d1-3df0-4910-beea-6b0016ba626b' \
-H 'provider: root' \

Harmony Objects

Complete object reference with schemas and methods is available at API explorer.

Provider and Tenant

A10 Harmony Controller supports multi-tenancy. Multiple tenant accounts may be created under a provider. Further tenants can create their own applications and Lightning ADC clusters. Having Provider and Tenant as organizational units within Harmony Controller enables agile and self-service IT operations in an enterprise where central IT team acts as providers of application delivery services to the individual business units and application teams. Self-service can be provided to the individual application teams who can efficiently deploy ADC clusters, operate and control the policies of their own applications.

Similarly, the provider-tenant model enables Managed Service Provides (MSPs) to serve their customers efficiently.

Application

The top-level application container represents the logical application abstraction. Consider this a group of microservices offering a logical functionality that makes sense to the application users. Each of these microservices represent a subset of the application. A tenant (account) may have any number of applications.

Domain Endpoint

A group of Fully Qualified Domain Names (FQDNs) is represented as a domain endpoint in Lightning ADC. For various business reasons, it may be required to offer the same functionality on multiple domains. All these domains may be configured into a single domain endpoint. Since all domains offer the same functionality, they share the same infrastructure as well.

Service Endpoint

A service is identified by a set of application servers and a segment of traffic served by these servers. All servers in a service offer the exact same functionality and share the load. Different services are created to serve each traffic segment. This enables content-based switching for the application traffic.

Smart Flow

The next level of content-based traffic segmentation is provided by Smart Flows for granular policy application.

Policies and Other Configuration Items

Lightning ADC gives users full control over their application traffic. Knobs and controls are available at each level to manage, customize, secure and optimize traffic, as needed.

How To …

This section lists how various tasks can be performed using Harmony APIs. The list here is not exhaustive and covers only a few use case cases.

Create Lightning ADC Cluster

Lightning ADC Cluster is represented by cspcluster object. POST call on the object collection creates a new cluster. Other than authorization information, this call requires provider as well as tenant name as headers. Cluster name is passed as data.

curl 'https://api.a10networks.com/api/v2/cspcluster' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session f3f8c1df-7455-4207-bb6e-822a5f85ba2e' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"DemoCluster","state":"ACTIVE"}'

This call returns the newly created cspcluster object from which cluster ID can be read and used for connecting Lightning ADCs to the Harmony Controller

{
    "name" : "DemoCluster",
    "state" : "ACTIVE",
    "accountId" : "d07c346a-a147-4791-9da7-abb8c2e877f1",
    "clusterId" : "iif2qv6uns",
    "launchState" : "NOT_STARTED",
    "infraCredentialNames" : [  ],
    "csps" : [  ],
    "createdAt" : "Jul 31, 2017 11:24:58 AM UTC",
    "lastModifiedAt" : "Jul 31, 2017 11:24:58 AM UTC",
    "lastModifiedBy" : "someone@example.net",
    "references" : [  ],
    "auditStatus" : "This is a new cluster and not yet audited. Auditing ‘ll happen in a few minutes.",
    "techSupport" : "No tech support information available",
    "reconfirmAuditCount" : 0,
    "auditRequired" : true,
    "previousConsistencyStatus" : true,
    "id" : "DemoCluster",
    "nodes" : [  ],
    "consistent" : false
}

Delete Lightning ADC Cluster

DELETE call on individual cspcluster object deletes the specific cluster.

curl 'https://api.a10networks.com/api/v2/cspcluster/DemoCluster' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session f3f8c1df-7455-4207-bb6e-822a5f85ba2e' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary 'null'

Create Application

For creating an application configuration, the entire object hierarchy needs to be created. Calling POST APIs of the objects in the sequence does the job. By default, all the values are taken as default.

1. Create Application

POST call on applications collection creates a new application.

curl 'https://api.a10networks.com/api/v2/applications' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"MyDemoApp","state":"ACTIVE","description":"MyDemoApp","productId":"Pro"}'

2. Create Domain EndPoint

As of now only one Domain EndPoint called default-host is to be created per application. However, each Domain EndPoint can have multiple domains.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"default-host","description":"default-host","domains":[{"fqdn":"www.example.com"}],"transportPropertiesList":[{"name":"http_80","port":80}]}'

3. Create Service EndPoint

Service EndPoint is created under Domain EndPoint. Multiple Service EndPoints may be created - one for each server group.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_import' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"default-service","description":"This service is created by system to match any URLs at the end. A matching Smart Flow has also been created for you to configure policies for traffic that does not match any other condition.","condition":"URL:ciPrefix:\"/\"","serverGroup":{"name":"defaultServerGroup","servers":[],"loadBalancingAlgorithmPolicy":{"name":"defaultLBpolicy","state":"ACTIVE","method":"least_conn","type":"serverAlgo"},"clientSSLPolicy":{"name":"defaultClientSSLpolicy","state":"INACTIVE","validateUpstreamCert":false,"cipherVersions":[],"sslVersions":[],"sendServerName":false,"type":"clientSSL"},"sessionPersistencePolicy":{"state":"INACTIVE","method":"cookie_sticky","type":"sessionPersistence","name":"defaultSessionPersistence"},"outOfBandMonitorPolicy":{"state":"ACTIVE","oobInterval":10,"oobTimeout":10,"oobType":"tcp","oobHttpUrl":"","type":"monitor","name":"OutOfBandMonitor"},"policies":[{"type":"serverLimits","name":"serverLimitsPolicy","readTimeout":300,"sendTimeout":300}]}}'

4. Create Smart Flow

Smart Flow is created under a service. POST call on Smart Flow collection creates a Smart Flow. Multiple Smart Flows may be created within a service for better traffic segmentation and for applying the policies granularly.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/smartflows' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"default-smartflow","condition":"URL:ciPrefix:\"/\"","flowType":"allow"}'

5. Create Smart Flow Policies

The default Smart Flow policies are created with creation of the Smart Flow. However, it is good to create a few header rewrite policies so that information about the client connection can reach to the server.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/smartflows/default-smartflow/policies' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"type":"headerRewrite","name":"headerRewrite","state":"ACTIVE","rules":[{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-For","value":"$http_x_forwarded_for, $remote_addr"},{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-Proto","value":"$scheme"},{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-Port","value":"$server_port"}]}'

Append Application Servers in a Server Group

Server Group is part of Service EndPoint. It is created as part of Service EndPoint creation and holds the list of application servers and associated policies configured for the Service EndPoint. As of now only one server group can be attached to a Service EndPoint. PUT call on servergroups object appends the list of servers with the newly provided list.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/servergroups/defaultServerGroup/servers' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '[{"ipAddress":"1.1.1.1","port":80,"weight":1}]'

Change Status of an Application Server

Sometimes it is required to mark an application server as ‘Down’ for maintenance or some other administrative reason. One way is remove that server from the server array and add it back once it is ready to take the load. Another way is to just mark it as down so that other parameters related to the server remain intact.

Setting appropriate status in down attribute of JSON data and passing it to PUT call on servers object marks the server appropriatly.

As of now this is required to be done in 3 steps:

1. Get list of Servers

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/servergroups/defaultServerGroup/servers/' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \

2.Delete Server from the Server Group

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/servergroups/defaultServerGroup/servers' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session d009e98b-fffd-4195-8498-245ae20309cb' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '[{"state":"ACTIVE","ipAddress":"1.1.1.2","port":80,"weight":1,"maxFails":3,"failTimeout":10,"backup":false, "down": false}]'

3. Add Server with Modified Data

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/default-service/servergroups/defaultServerGroup/servers' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '[{"state":"ACTIVE","ipAddress":"1.1.1.2","port":80,"weight":1,"maxFails":3,"failTimeout":10,"backup":false, "down": true}]'

Associate Application to a Lightning ADC Cluster

Application and Lightning ADC Cluster are created independently in the Harmony Controller. But, before switching the DNS to flow traffic via Lightning ADCs, the application must be attached to a Lightning ADC Cluster. Only a cluster with active Lightning ADC instances can be attached to the application.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/cspclusters/MyDemoCluster' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary 'null'

Start Blue-Green Deployment

Starting a Blue-Green deployment involves creating a new Service EndPoint with the same configuration as Blue Service, place it with the Blue Service in order, activate it and then create a traffic split condition.

1. Read configuration of Blue Service

Complete data about a Service EndPoint can be read using 3 GET calls on Service object, Smart Flow object and Policies object as following:

a. Read Service Configuration

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/BlueService' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session bc93b92b-30c9-414b-9e5c-9c0547460a05' \
-H 'tenant: Demo' \
-H 'provider: root'

b. Read Smart Flow Configuration

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/BlueService/smartflows' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session bc93b92b-30c9-414b-9e5c-9c0547460a05' \
-H 'tenant: Demo' \
-H 'provider: root'

c. Read Policy Configuration

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/BlueService/smartflows/default-smartflow/policies' \
-XGET \
-H 'Content-Type: application/json' \
-H 'Authorization: Session bc93b92b-30c9-414b-9e5c-9c0547460a05' \
-H 'tenant: Demo' \
-H 'provider: root'

2. Create Green Service with same configuration

Name, description and server IP addresses must be changed after copying the payload. Other than traffic split condition, these 3 are the differences between Blue and Green Service.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_import' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"GreenService","description":"This is Green Service","condition":"URL:prefix:\"/demo\"","serverGroup":{"name":"defaultServerGroup","accountId":"d07c346a-a147-4791-9da7-abb8c2e877f1","applicationId":"MyDemoApp","hostId":"default-host","serviceId":"GreenService","loadBalancingAlgorithmPolicy":{"name":"defaultLBpolicy","state":"ACTIVE","method":"least_conn","type":"serverAlgo","id":"defaultLBpolicy"},"clientSSLPolicy":{"name":"defaultClientSSLpolicy","state":"INACTIVE","validateUpstreamCert":false,"sendServerName":false,"sslVersions":["TLSv1.1","TLSv1","TLSv1.2"],"cipherVersions":["ECDHE-ECDSA-AES128-SHA256","ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-CHACHA20-POLY1305","ECDHE-RSA-AES256-SHA","ECDHE-RSA-AES128-SHA256","DHE-RSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES128-SHA","ECDHE-ECDSA-CHACHA20-POLY1305","DHE-RSA-CHACHA20-POLY1305","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-SHA384","DHE-RSA-AES256-SHA256","DHE-RSA-AES128-SHA","DHE-RSA-AES128-SHA256","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-SHA","ECDHE-ECDSA-AES128-SHA","DHE-RSA-AES128-GCM-SHA256","DHE-RSA-AES256-SHA"],"type":"clientSSL","id":"defaultClientSSLpolicy"},"sessionPersistencePolicy":{"name":"defaultSessionPersistence","state":"INACTIVE","method":"cookie_sticky","cookieName":"pep-route","cookieDomain":"","cookiePath":"/","expires":0,"cookieHash":"sha1","cookieSecure":false,"cookieHttpOnly":false,"headerName":"","queryParameterName":"","cookieExpires":0,"noFallBack":false,"cookieNoFallBack":false,"type":"sessionPersistence","id":"defaultSessionPersistence"},"outOfBandMonitorPolicy":{"name":"defaultoutOfBandMonitorPolicy","state":"ACTIVE","oobInterval":10,"oobTimeout":10,"minActiveServers":1,"oobType":"tcp","oobHttpUrl":"","type":"monitor","id":"defaultoutOfBandMonitorPolicy"},"servers":[{"state":"ACTIVE","ipAddress":"2.2.2.2","port":80,"$$hashKey":"1ZE"}],"infraCredentialNames":[""],"policies":[{"type":"serverLimits","name":"serverLimitsPolicy","state":"ACTIVE","createdAt":"2017-08-01T11:12:05Z","lastModifiedAt":"2017-08-01T11:12:05Z","lastModifiedBy":"someone@example.net","readTimeout":300,"sendTimeout":300,"id":"serverLimitsPolicy"},{"type":"fallback","name":"fallbackPolicy","state":"INACTIVE","createdAt":"2017-08-01T11:12:05Z","lastModifiedAt":"2017-08-01T11:12:05Z","lastModifiedBy":"someone@exanple.net","service":"default-service","aliasCode":0,"id":"fallbackPolicy"},{"type":"connectionPool","name":"ConnectionPoolPolicy","state":"ACTIVE","createdAt":"2017-08-01T11:12:05Z","lastModifiedAt":"2017-08-01T11:12:05Z","lastModifiedBy":"someone@exanple.net","maxReq":0,"maxConn":10000,"maxOpeningConn":0,"maxSpareConn":0,"minSpareConn":0,"reqTimeout":1000,"keepAliveTimeout":4,"logLevel":"error","cpoolStatus":"on","disableEmaxComputeStatus":"off","maxReqPerConn":100,"id":"ConnectionPoolPolicy"},{"type":"locationAffinity","name":"locationAffinityPolicy","state":"INACTIVE","createdAt":"2017-08-01T11:12:05Z","lastModifiedAt":"2017-08-01T11:12:05Z","lastModifiedBy":"someone@exanple.net","affinityOnly":false,"affinityRatio":2,"id":"locationAffinityPolicy"}]},"smartFlows":[{"name":"default-smartflow","state":"ACTIVE","accountId":"d07c346a-a147-4791-9da7-abb8c2e877f1","applicationId":"MyDemoApp","hostId":"default-host","serviceId":"GreenService","condition":"URL:prefix:\"/demo\"","flowType":"allow","flowDenyNoResp":false,"policies":[{"type":"headerRewrite","name":"headerRewrite","state":"ACTIVE","createdAt":"2017-08-01T11:12:08Z","lastModifiedAt":"2017-08-01T11:12:08Z","lastModifiedBy":"someone@exanple.net","rules":[{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-For","value":"$http_x_forwarded_for, $remote_addr"},{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-Proto","value":"$scheme"},{"status":true,"type":"reqHdrAdd","name":"X-Forwarded-Port","value":"$server_port"}],"id":"headerRewrite"}]}]}'

3. Place the Green Service appropriately

Green Service must always be placed just above the Blue Service.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_updatesequence' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '["GreenService","BlueService","default-service"]'

4. Activate the Green Service

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_activate' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '["GreenService"]'

5. Create the Traffic Split Condition

trafficsplits object holds the traffic split condition between Blue and Green services. The division may be in form of percentage or specific condition based on information available in Request. splitSlices for each service should be specified properly.

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/trafficsplits' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"BlueService--VS--GreenService","type":"splitClients","status":"true","splitSlices":[{"service":"BlueService","percentage":80,"code":"blue","condition":""},{"service":"GreenService","percentage":20,"code":"green","condition":""}]}'

Update Traffic Split Condition in Blue-Green

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/trafficsplits/BlueService--VS--GreenService' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"BlueService--VS--GreenService","type":"splitClients","state":"ACTIVE","splitSlices":[{"service":"BlueService","percentage":"","code":"blue","condition":""},{"service":"GreenService","percentage":"","code":"green","condition":"GEO:equals:\"US\""}]}'

Deactivate Blue-Green

Deactivating involves deactivating the trafficsplits as well as deactivating the Green Service.

1. Deactivate Traffic Split Condition

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/trafficsplits/BlueService--VS--GreenService' \
-XPUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"BlueService--VS--GreenService","accountId":"d07c346a-a147-4791-9da7-abb8c2e877f1","applicationId":"MyDemoApp","hostId":"default-host","state":"INACTIVE","splitSlices":[{"service":"BlueService","condition":"","code":"blue"},{"service":"GreenService","condition":"GEO:equals:\"US\"","code":"green"}],"id":"BlueService--VS--GreenService"}'

2. Deactivate Service EndPoint

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/_deactivate' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '["GreenService"]'

Delete Blue-Green

DELETE call needs to be made on ‘trafficsplits’ as well as on ‘Service’. Any of Blue or Green service can be deleted as needed.

1. Delete Traffic Split Condition

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/trafficsplits/BlueService--VS--GreenService' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary 'null'

2. Delete Service EndPoint

curl 'https://api.a10networks.com/api/v2/applications/MyDemoApp/hosts/default-host/services/GreenService' \
-XDELETE \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"name":"GreenService","condition":"URL:prefix:\"/demo\""}'

Collect Access Logs

Access logs can be read using metrics APIs. ‘From’ (gte) and ‘To’ (lte) timestamp (Unix Timestamp format) needs to be provided as part of query for reading logs. Only the number of logs specific in size parameter are returned. Maximum 10000 logs are returned at a time.

For getting more logs another API call can be made adjusting the timestamp parameters accordingly.

curl 'https://api.a10networks.com/api/v2/metrics/accesslog/_search' \
-XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Session 5b049835-43a5-4148-a355-05b7cb2c132b' \
-H 'tenant: Demo' \
-H 'provider: root' \
--data-binary '{"query":{"bool":{"must":[{"match":{"applicationId":"MyDemoApp"}},{"match":{"internal":false}},{"range":{"timestamp":{"gte":1501583460000,"lte":1501585260000}}}]}},"from":0,"size":50,"sort":{"timestamp":{"order":"desc"}}}'

Sample Code

This page lists sample code for a few common use cases. While samples are provided in Python language, functionality can be ported in any language.

Creating Lightning ADC Cluster

Lightning ADC cluster may be of type Auto or Manual. The code here demonstrates how to create a cluster of type Manual. The cluster ID returned at the end of script is the unique ID of the cluster. This is to be supplied to the Lightning ADC instance. When Lightning ADC connects to the Harmony Controller, it identifies the cluster which the instance belongs to, and places accordingly.

Creating an Application

For creating an application configuration, the entire object hierarchy needs to be created. Calling POST APIs of the objects in the sequence does the job. By default, all the values are taken as default. Only required items are name of the application and first domain for which the application is being created. However, for application to work properly and handle traffic, a few more things like Server IP addresses and Lightning ADC Cluster is also required.

The code example here assumes that required data is available in a JSON file (app_params.json) and makes following calls in sequence:

  1. Create Session
  2. Create Application
  3. Create Domain EndPoint
  4. Create Service EndPoint
  5. Create Smart Flow
  6. Create Smart Flow Policies
  7. Associate Application to a Lightning ADC Cluster

Tear Down

Tear down here refers to deleting application and Lightning ADC cluster. Before a cluster can be deleted, it should be removed from all applications. Also all the ADC instances should be removed from the cluster. So the steps for tear down are as following:

  1. Delete application
  2. Read all ADC instances in the cluster and delete them - the instances should be shut down manually before performing this
  3. Delete Cluster