10-03-2015 10:54 AM - edited 10-03-2015 11:49 AM
Hello,
I am working on an automation solution whereby I need to add interfaces or sub-interfaces for tenants. Now the problem I have run into is in cases where an interface has been used previously and either not reset back to default config properly or at all. In these cases when I try to commit configuration I run into issues with the interface being a member of VLANs, VRs, zones etc. To get around this I need to perform a barrage of calls to the API to check all zones, VRs, VLANs etc. and grep on members, and then if the interface in question is a member I need to remove it by delete calls.
So the ideal scenario would be an API call to reset an interface to a default state. Sort of like a factory reset. Or if that is not doable a way to get all dependencies (memberships) of interfaces in one call at least reducing the amount of API calls I need to make by 50% (i.e. leaving only the delete calls).
Am I approaching this wrong or has anyone else run into this?
EDIT: Actually the best way to do this that I can think of now is simply reading the whole config into an array and then doing all queries on the array before sending the delete API calls.
BR,
Jorgen
11-16-2015 04:53 AM
Hi Jorgen,
You could use this command to delete the interface (actually it sets everything on that interface to default):
https://FIREWALLNAME/api/?type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/network/interface/ethernet/entry[@name='ethernet1/XX']
On a vsys-enabled firewall you first have to unlink the interface from the vsys (sorry, but I don't know the command for doing that at the moment).
Hope it helps,
Remo
11-16-2015 06:33 AM
Hello,
Thanks. However, that doesn't work. But at least it gives the error message and notes the references, which I can plug in to the script and try again instead of searching the whole config for interface references.
See example below:
    <response status="error" code="10">
      <msg>
        <line>ethernet1/3 cannot be deleted because of references from:</line>
        <line>layer3 zone -> muuu -> network -> layer3</line>
        <line>interface network -> virtual-router -> test-vr -> interface</line>
      </msg>
    </response>
So I could do something like:
    Delete interfaceXX
    if success
    then
        end
    else
        if /reference/
        then
            if /zone/
                delete int from zone
            fi
            if /virtual-router/
                delete int from vr
            fi
        else
            fail
        fi
    fi
// jpb
11-16-2015 10:01 AM
If you already need the configuration for something else in your script, or if this wouldn't be a problem, you could get the config with one API call and then get from this file the dependencies where this interface is used, and from there create the dependency delete calls for vsys, zone and virtual-router. After deleting them you can issue the command I already posted to reset the interface.
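The single-fetch approach suggested in this thread, as an added example that is not code from any of the posters: it walks an exported config once, finds every `<member>` that names the interface, and builds one delete call per reference in the URL form posted above. The sample config is constructed, and the `member[text()='...']` xpath step for removing a single member is an assumption about the API, as is the omission of authentication parameters (the posted URL shows none).

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Constructed sample shaped like a config export (not taken from a real device).
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain">
  <network>
    <interface><ethernet><entry name="ethernet1/3"><layer3/></entry></ethernet></interface>
    <virtual-router><entry name="test-vr">
      <interface><member>ethernet1/3</member><member>ethernet1/4</member></interface>
    </entry></virtual-router>
  </network>
  <vsys><entry name="vsys1">
    <import><network><interface><member>ethernet1/3</member></interface></network></import>
    <zone><entry name="muuu"><network><layer3>
      <member>ethernet1/3</member>
    </layer3></network></entry></zone>
  </entry></vsys>
</entry></devices></config>"""


def _step(elem):
    """One xpath step; named entries become tag[@name='...']."""
    name = elem.get("name")
    return f"{elem.tag}[@name='{name}']" if name is not None else elem.tag


def find_references(config_xml, interface):
    """Return the xpath of every <member> element whose text is `interface`."""
    hits = []

    def walk(elem, path):
        for child in elem:
            if child.tag == "member" and (child.text or "").strip() == interface:
                # Assumed xpath form for addressing a single list member.
                hits.append(f"{path}/member[text()='{interface}']")
            walk(child, f"{path}/{_step(child)}")

    root = ET.fromstring(config_xml)
    walk(root, "/" + _step(root))
    return hits


def delete_urls(host, xpaths):
    """Build one config delete URL per reference (authentication omitted)."""
    # Keep xpath punctuation readable; everything else is percent-encoded.
    base = f"https://{host}/api/?type=config&action=delete&xpath="
    return [base + quote(x, safe="/[]@='") for x in xpaths]
```

Because the walk does not depend on fixed locations in the config, it also reports memberships in places the script author did not anticipate, which is the case the error response in this thread was being used to discover.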