Automation is very important for many organisations, which is why it's one of the core features of our upcoming V9 release.

Version 9 is being built from the ground up to be API driven, so all functionality and features available in the Web User Interface (WUI) will be catered for. While V9 is certainly on the horizon, it's still a little way off and so there is the question "What can we do while still using V8?".

For those running V8, the Loadbalancer.org appliance already has options to facilitate automated deployment and management. You may already be aware of the existing lbcli command and API. The lbcli command is a wrapper around the WUI functions and the API is another wrapper around lbcli. Both allow commands to be sent to your Loadbalancer.org appliance to create, edit, delete new configurations or perform maintenance tasks outside of the WUI.

Example adding a L4 Virtual Service:

lbcli --action add-vip --layer 4 --vip theVipName \
--ip 192.168.100.123 --ports 80 --forwarding gate --protocol tcp

The same but as a JSON API post (apicall.json):

{
   "auth":{
      "apikey":"eP68pvSMM8dvn051LL4d35569d438ue0"
   },
   "action":[
      {
         "command":"add-vip"
      }
   ],
   "syntax":[
      {
         "layer":"4",
         "vip":"theVipName",
         "ip":"192.168.100.123",
         "ports":"80",
         "forwarding":"gate",
         "protocol":"tcp"
      }
   ]
}

Using the JSON example above, if you save it to a file call "apicall.json" and use the curl example below. You can also use these examples with your deployment and automation tools such as Puppet.

curl -u loadbalancer:loadbalancer -X POST -d @apicall.json \
https://192.168.100.100:9443/api/ --header Content-Type:application/json -k

So, although V9 is still a while off, we actually do have some support for automation already! This covers around 98% of product functionality or most of the features found under the "Cluster Configuration" menu of the appliance. Both lbcli and the API can be configured to provide single operation actions such as adding a VIP/RIP or reloading/restarting a system service, or it can be utilised to process multiple actions in a single command such as adding a VIP and multiple RIPs. It is possible to batch create a new Layer 4 or Layer 7 Virtual Service with all the Real Servers which are needed, set the state of those servers and even add Headers and ACL's as you go, all without looking at the WUI at all.

Adding a VIP and multiple RIP's in a single command:

lbcli --action add-vip --layer 4 --vip theVipName --ip 192.168.100.123 \
--ports 80 --forwarding gate --protocol tcp --action add-rip \
--vip theVipName --rip FirstRIP --ip 192.168.100.125 --weight 100

The same but as a JSON API post:

{
   "auth":{
      "apikey":"eP68pvSMM8dvn051LL4d35569d438ue0"
   },
   "action":[
      {
         "command":"add-vip",
         "command":"add-rip",
      }
   ],
   "syntax":[
      {
         "layer":"4",
         "vip":"theVipName",
         "ip":"192.168.100.123",
         "ports":"80",
         "forwarding":"gate",
         "protocol":"tcp"
      },
     {
         "vip":"theVipName",
         "rip":"FirstRIP",
         "ip":"192.168.100.125",
         "weight":"100"
      }
   ]
}

While this is a great step forward, we still have some parts of the product not supported by lbcli/API and for many of these omissions, you can instead use a curl command allowing you to do things such as upload SSL certificates or create an SSL termination:

Create a curl script like so (UploadCertificate.sh):
UPLOAD PEM/PFX

#!/bin/bash
# upload pem file
curl -s -u loadbalancer:loadbalancer -X POST \
--form cert_action=upload \
--form label=$1 \
--form upload_type=$2 \
--form ssl_upload_file=@$3 \
--form pfx_pass=$5 \
https://$4:9443/lbadmin/config/sslcert.php?action=newcert \
-k | grep -c success

Variable explained:

$1=SSLCertLabel
$2=pem/pfx
$3=/full/path/to/sslcert.(pem:pfx)
$4=IP of loadbalancer.org Master appliance.
$5=pfx_password only if cert upload if pfx its not needed otherwise.

Assuming you made the above script and saved it as "UploadCertificate.sh". You can then execute that script with one of the syntax examples below.

To upload a PEM Certificate:

./UploadCertificate.sh example.com pem \
/home/username/ssl/example.com.pem  172.31.20.10

To upload a PFX Certificate with a password:

./UploadCertificate.sh example.com pfx \
/home/username/ssl/example.com.pfx  172.31.20.10 pfxPa55w0rd

The output will be a 0 or a 1 where 1 is success

Now that you have an uploaded PEM or PFX file, you may wish to create an SSL Termination to use the new uploaded certificate. This can be done with lbcli/API already but also, optionally, it could be done with a curl command. Below is the lbcli, API and curl examples of this action for comparison:

LBCLI:

lbcli --action termination --function add --vip example_sslterm_vip \
--ip 172.31.20.99 --port 443 --backend_ip 172.31.20.99 \
--backend_port 80 --sslcert example.com

API JSON file:

{
   "auth":{
      "apikey":"eP68pvSMM8dvn051LL4d35569d438ue0"
   },
   "action":[
      {
         "command":"termination"
      }
   ],
   "syntax":[
      {
         "function":"add",
         "vip":"example_sslterm_vip",
         "ip":"172.31.20.99",
         "port":"443",
         "backend_ip":"172.31.20.99",
         "backend_port":"80",
         "sslcert":"example.com"
      }
   ]
}

Then, post the created JSON file using curl:

curl -u loadbalancer:loadbalancer -X POST -d @apicall.json \
https://172.31.20.10:9443/api/ --header Content-Type:application/json -k

Curl:

curl -u loadbalancer:loadbalancer -X POST \
--form label="example_sslterm_vip" \
--form ssl_cert="example.com" \
--form vip="172.31.20.99" \
--form vip_port="443" \
--form backend="172.31.20.99" \
--form backend_port="80" \
--form ciphers="ALL" \
--form terminator="stunnel" \
--form en_xHTTP="on" \
--form rewritelocation="on" \
--form honour_cipher_order="on" \
--form allowciphernegotiation="on" \
--form disable_sslv2="on" \
--form disable_sslv3="on" \
--form disable_tlsv1="on" \
--form stunnel_renegotiation="on" \
--form stunnel_timetoclose="0" \
--form stunnel_proxy="off" \
--form stunnel_proxy_bind="None" \
--form addphys="on" \ 
"https://172.31.20.10:9443/lbadmin/config/ssl.php?action=adddata" -k

Hopefully, this gives you an idea of what you can do with the Loadbalancer.org appliance outside the WUI using simple HTTP POST's with the LBCLI / API examples.

For individual help and advice on each action just use:

lbcli --help <action|lbcli|help|about>

If you would like to know more please do not hesitate to open a ticket or e-mail support@loadbalancer.org.