Skip to content

antony@notes:~/suse$ cat "SUSE-Manager-curl-API-integration.md"

SUSE Manager curl API integration

2024-08-13· suse ·SUSE Manager

SUSE Manager curl API integration

Preface

本篇文章主要會一步一步介紹如何透過 HTTP curl API 的方式,來呼叫 SUSE Manager Server 排程對 Client 端的作業系統進行 Patch 更新。

可以透過點擊以下目錄,選擇想看的內容,跳轉至特定章節

:::warning

:::spoiler {state=“open”} 目錄

[TOC]

:::

Step 1. Login

以下是使用 HTTP over JSON API 的身分驗證 Token 登入流程。

HTTP over JSON API 使用身分驗證 Token 進行存取。Token 會在呼叫 auth.login endpoint 的回應中,以名為 pxt-session-cookiecookie 傳送。auth.login endpoint 接受帶有 JSON body 的 POST 請求,該 JSON body 在 top-level object 中包含 loginpassword 屬性。

Using the request body

# Define Var
$ SUMA_URL='suma.example.com'
$ AC="admin"
$ PW="sumaadmin"
$ API="https://${SUMA_URL}/rhn/manager/api"

# Run Command
$ curl -k -H "Content-Type: application/json" \
-d "{'login': "$AC", "password": "$PW"}" \
-i $API/auth/login

執行結果如下 :

HTTP/1.1 200 200
...
Set-Cookie: pxt-session-cookie=18876x02e2026a1d61069d8ac6a8ce9ef965ad90832c8337cea54aebc1947ebfdb5eb6; Max-Age=3600; Expires=Fri, 31 May 2024 08:03:21 GMT; Path=/; Secure; HttpOnly;HttpOnly;Secure
...

{"success":true}

之後 Call API 需使用 Max-Age=3600Set-Cookie 值 :

pxt-session-cookie=18876x02e2026a1d61069d8ac6a8ce9ef965ad90832c8337cea54aebc1947ebfdb5eb6

登入成功後,得到的 cookie 必須加入到後續每次認證存取的請求中。

Step 2. Get system ID

列出 test1 這台 Client 的系統 id

# Define Var
$ system='test1'
$ cookie='pxt-session-cookie=1448x8837510e9115fee45d7cf5df49709c9967634003ada35b120bd86ed6e4717ea3'

# Run Command
$ curl -s -k -H "Content-Type: application/json" \
--cookie "${cookie}" \
$API/system/getId?name=${system}| jq

執行結果如下 :

{
  "success": true,
  "result": [
    {
      "name": "test1",
      "id": 1000010001,
      "last_checkin": "Aug 12, 2024, 3:35:24 PM",
      "outdated_pkg_count": 218
    }
  ]
}

Step 3. 列出系統需要套用的所有 Patch 更新

傳回與系統相關的所有 Patch 更新。

# Define Var
# id 是上一個步驟的 result.id
$ id='1000010001'

# Run Command
$ curl -s -H "Content-Type: application/json" \
--cookie "${cookie}" \
$API/system/getRelevantErrata?sid=${id} | jq

執行結果如下 :

{
  "success": true,
  "result": [
    {
      "date": "2024-08-10",
      "advisory_name": "SUSE-15-SP6-2024-2869",
      "advisory_type": "Security Advisory",
      "advisory_status": "stable",
      "id": 4008,
      "advisory_synopsis": "important: Security update for ca-certificates-mozilla",
      "update_date": "2024-08-10"
    },
    ...以下省略

Step 4. Get Patch Name

# Define Var
# AN is stand for Advisory Name
$ AN='SUSE-15-SP6-2024-2869'

# Run Command
$ curl -s -k -H "Content-Type: application/json" \
--cookie "${cookie}" \
$API/errata/getDetails?advisoryName=${AN} | jq

執行結果如下 :

{
  "success": true,
  "result": {
    "id": 4008,
    "issue_date": "8/10/24",
    "update_date": "8/10/24",
    "last_modified_date": "2024-08-10 02:11:37.071418",
    "release": 1,
    "advisory_status": "stable",
    "vendor_advisory": "https://www.suse.com/support/update/announcement/2024/suse-su-20242869-1/",
    "product": "SUSE Updates SLE-Module-Basesystem 15-SP6 x86 64",
    "errataFrom": "maint-coord@suse.de",
    "solution": " ",
    "description": "This update for ca-certificates-mozilla fixes the following issues:\n\n- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)\n  - Added: FIRMAPROFESIONAL CA ROOT-A WEB\n  - Distrust: GLOBALTRUST 2020\n\n- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)\n  Added:\n  - CommScope Public Trust ECC Root-01\n  - CommScope Public Trust ECC Root-02\n  - CommScope Public Trust RSA Root-01\n  - CommScope Public Trust RSA Root-02\n  - D-Trust SBR Root CA 1 2022\n  - D-Trust SBR Root CA 2 2022\n  - Telekom Security SMIME ECC Root 2021\n  - Telekom Security SMIME RSA Root 2023\n  - Telekom Security TLS ECC Root 2020\n  - Telekom Security TLS RSA Root 2023\n  - TrustAsia Global Root CA G3\n  - TrustAsia Global Root CA G4\n  Removed:\n  - Autoridad de Certificacion Firmaprofesional CIF A62634068\n  - Chambers of Commerce Root - 2008\n  - Global Chambersign Root - 2008\n  - Security Communication Root CA\n  - Symantec Class 1 Public Primary Certification Authority - G6\n  - Symantec Class 2 Public Primary Certification Authority - G6\n  - TrustCor ECA-1\n  - TrustCor RootCert CA-1\n  - TrustCor RootCert CA-2\n  - VeriSign Class 1 Public Primary Certification Authority - G3\n  - VeriSign Class 2 Public Primary Certification Authority - G3\n",
    "synopsis": "important: Security update for ca-certificates-mozilla",
    "topic": " ",
    "references": "",
    "notes": "",
    "type": "Security Advisory",
    "severity": "Important",
    "reboot_suggested": false,
    "restart_suggested": false
  }
}

Step 5. Apply Patch(es) to a system

$ id=1000010001
$ errataIds='3800, 3804'
$ curl -s -k -H "Content-Type: application/json" \
  --cookie "${cookie}" \
  -d "{'sid': ${id},'errataIds': [${errataIds}]}" \
  $API/system/scheduleApplyErrata | jq

執行結果如下 :

{
  "success": true,
  "result": [
    25
  ]
}

Step 6. Get Event Details

Using the query string

$ id='1000010001'
$ eid='25'

$ curl -s -k -H "Content-Type: application/json" \
  --cookie "${cookie}" \
  "$API/system/getEventDetails?sid=${id}&eid=${eid}" | jq

Using the request body

$ curl -s -k -H "Content-Type: application/json" \
  --cookie "${cookie}" \
  "$API/system/getEventDetails" -X GET -d "{
  'sid': ${id},
  'eid': ${eid}}" | jq

執行結果如下 :

{
  "success": true,
  "result": {
    "summary": "Combined Patch Update: SUSE-15-SP6-2024-1762 - important: Security update for perl (and 1 more patches) scheduled by sumaadmin",
    "result_msg": "saltutil_|-sync_states_|-sync_states_|-sync_states:\n    name: sync_states\n    changes: {\n        }\n    result: true\n    comment: No updates to sync\n    __sls__: util.syncstates\n    __run_num__: 0.0\n    start_time: '17:43:54.368173'\n    duration: 180.305\n    __id__: sync_states\npkg_|-mgr_absent_ca_package_|-rhn-org-trusted-ssl-cert_|-removed:\n    name: rhn-org-trusted-ssl-cert\n    changes: {\n        }\n    result: true\n    comment: All specified packages are already absent\n    __sls__: certs\n    __run_num__: 1.0\n    start_time: '17:43:55.489188'\n    duration: 8.562\n    __id__: mgr_absent_ca_package\nfile_|-mgr_ca_cert_|-/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT_|-managed:\n    changes: {\n        }\n    comment: File /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT is in the correct state\n    name: /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT\n    result: true\n    __sls__: certs\n    __run_num__: 2.0\n    start_time: '17:43:55.499805'\n    duration: 35.932\n    __id__: mgr_ca_cert\ncmd_|-update-ca-certificates_|-/usr/sbin/update-ca-certificates_|-run:\n    changes: {\n        }\n    result: true\n    duration: 0.007\n    start_time: '17:43:55.536567'\n    comment: State was not run because none of the onchanges reqs changed\n    __state_ran__: false\n    __run_num__: 3.0\n    __sls__: certs\n    __id__: update-ca-certificates\n    name: /usr/sbin/update-ca-certificates\nfile_|-mgr_proxy_ca_cert_symlink_|-/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT_|-symlink:\n    result: true\n    name: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT\n    changes: {\n        }\n    comment: onlyif condition is false\n    __sls__: certs\n    __id__: mgr_proxy_ca_cert_symlink\n    skip_watch: true\n    __run_num__: 4.0\n    start_time: '17:43:55.536656'\n    duration: 385.179\nfile_|-mgr_deploy_tools_uyuni_key_|-/etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key_|-managed:\n    changes: {\n        }\n    comment: File /etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key is in the correct state\n    name: /etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key\n    result: true\n    __sls__: channels.gpg-keys\n    __run_num__: 5.0\n    start_time: '17:43:55.921947'\n    duration: 34.159\n    __id__: mgr_deploy_tools_uyuni_key\nfile_|-mgr_deploy_suse_addon_key_|-/etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key_|-managed:\n    changes: {\n        }\n    comment: File /etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key is in the correct state\n    name: /etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key\n    result: true\n    __sls__: channels.gpg-keys\n    __run_num__: 6.0\n    start_time: '17:43:55.956262'\n    duration: 34.735\n    __id__: mgr_deploy_suse_addon_key\nfile_|-mgrchannels_repo_|-/etc/zypp/repos.d/susemanager:channels.repo_|-managed:\n    changes: {\n        }\n    comment: File /etc/zypp/repos.d/susemanager:channels.repo is in the correct state\n    name: /etc/zypp/repos.d/susemanager:channels.repo\n    result: true\n    __sls__: channels\n    __run_num__: 7.0\n    start_time: '17:43:55.991156'\n    duration: 123.044\n    __id__: mgrchannels_repo\nproduct_|-mgrchannels_install_products_|-mgrchannels_install_products_|-all_installed:\n    name: mgrchannels_install_products\n    changes: {\n        }\n    result: true\n    comment: All subscribed products are already installed\n    __sls__: channels\n    __run_num__: 8.0\n    start_time: '17:43:56.114639'\n    duration: 466.036\n    __id__: mgrchannels_install_products\npkg_|-mgrchannels_inst_suse_build_key_|-suse-build-key_|-installed:\n    name: suse-build-key\n    changes: {\n        }\n    result: true\n    comment: All specified packages are already installed\n    __sls__: channels\n    __run_num__: 9.0\n    start_time: '17:43:56.581182'\n    duration: 4321.058\n    __id__: mgrchannels_inst_suse_build_key\npkg_|-mgr_regular_patches_|-mgr_regular_patches_|-patch_installed:\n    name: mgr_regular_patches\n    changes:\n        perl-base:\n            old:\n            -   version: 5.26.1\n                install_date_time_t: 1.719820515E9\n                release: 150300.17.14.1\n                epoch: null\n                arch: x86_64\n            new:\n            -   version: 5.26.1\n                install_date_time_t: 1.723455849E9\n                release: 150300.17.17.1\n                epoch: null\n                arch: x86_64\n        perl:\n            old:\n            -   version: 5.26.1\n                install_date_time_t: 1.719820534E9\n                release: 150300.17.14.1\n                epoch: null\n                arch: x86_64\n            new:\n            -   version: 5.26.1\n                install_date_time_t: 1.72345585E9\n                release: 150300.17.17.1\n                epoch: null\n                arch: x86_64\n        perl-core-DB_File:\n            old:\n            -   version: 5.26.1\n                install_date_time_t: 1.719820534E9\n
 release: 150300.17.14.1\n                epoch: null\n                arch: x86_64\n            new:\n            -   version: 5.26.1\n                install_date_time_t: 1.72345585E9\n                release: 150300.17.17.1\n                epoch: null\n
     arch: x86_64\n        ucode-intel:\n            old:\n            -   version: '20240312'\n                install_date_time_t: 1.719820562E9\n                release: 150200.38.1\n                epoch: null\n                arch: x86_64\n            new:\n            -   version: '20240514'\n                install_date_time_t: 1.723455848E9\n                release: 150200.41.1\n
    epoch: null\n                arch: x86_64\n    result: true\n    comment: ''\n    __sls__: packages.patchinstall\n    __run_num__: 10.0\n    start_time: '17:44:00.902568'\n    duration: 28536.465\n    __id__: mgr_regular_patches\n",
    "picked_up": "Aug 12, 2024, 5:43:44 PM",
    "earliest_action": "Aug 12, 2024, 5:43:44 PM",
    "additional_info": [
      {
        "detail": "SUSE-15-SP6-2024-1762 (important: Security update for perl)"
      },
      {
        "detail": "SUSE-15-SP6-2024-1771 (important: Security update for ucode-intel)"
      }
    ],
    "created": "Aug 12, 2024, 5:43:44 PM",
    "history_type": "Patch Update",
    "result_code": 0,
    "id": 25,
    "completed": "Aug 12, 2024, 5:44:21 PM",
    "status": "Completed"
  }
}

參考文件