antony@notes:~/suse$ cat "SUSE-Manager-curl-API-integration.md"
SUSE Manager curl API integration
SUSE Manager curl API integration
Preface
本篇文章主要會一步一步介紹如何透過 HTTP curl API 的方式,來呼叫 SUSE Manager Server 排程對 Client 端的作業系統進行 Patch 更新。
可以透過點擊以下目錄,選擇想看的內容,跳轉至特定章節
:::warning
:::spoiler {state=“open”} 目錄
[TOC]
:::
Step 1. Login
以下是使用 HTTP over JSON API 的身分驗證 Token 登入流程。
HTTP over JSON API 使用身分驗證 Token 進行存取。Token 會在呼叫 auth.login endpoint 的回應中,以名為 pxt-session-cookie 的 cookie 傳送。auth.login endpoint 接受帶有 JSON body 的 POST 請求,該 JSON body 在 top-level object 中包含 login 和 password 屬性。
Using the request body
# Define Var
$ SUMA_URL='suma.example.com'
$ AC="admin"
$ PW="sumaadmin"
$ API="https://${SUMA_URL}/rhn/manager/api"
# Run Command
$ curl -k -H "Content-Type: application/json" \
-d "{'login': "$AC", "password": "$PW"}" \
-i $API/auth/login執行結果如下 :
HTTP/1.1 200 200
...
Set-Cookie: pxt-session-cookie=18876x02e2026a1d61069d8ac6a8ce9ef965ad90832c8337cea54aebc1947ebfdb5eb6; Max-Age=3600; Expires=Fri, 31 May 2024 08:03:21 GMT; Path=/; Secure; HttpOnly;HttpOnly;Secure
...
{"success":true}之後 Call API 需使用
Max-Age=3600的Set-Cookie值 :pxt-session-cookie=18876x02e2026a1d61069d8ac6a8ce9ef965ad90832c8337cea54aebc1947ebfdb5eb6登入成功後,得到的 cookie 必須加入到後續每次認證存取的請求中。
Step 2. Get system ID
列出 test1 這台 Client 的系統 id
# Define Var
$ system='test1'
$ cookie='pxt-session-cookie=1448x8837510e9115fee45d7cf5df49709c9967634003ada35b120bd86ed6e4717ea3'
# Run Command
$ curl -s -k -H "Content-Type: application/json" \
--cookie "${cookie}" \
$API/system/getId?name=${system}| jq執行結果如下 :
{
"success": true,
"result": [
{
"name": "test1",
"id": 1000010001,
"last_checkin": "Aug 12, 2024, 3:35:24 PM",
"outdated_pkg_count": 218
}
]
}Step 3. 列出系統需要套用的所有 Patch 更新
傳回與系統相關的所有 Patch 更新。
# Define Var
# id 是上一個步驟的 result.id
$ id='1000010001'
# Run Command
$ curl -s -H "Content-Type: application/json" \
--cookie "${cookie}" \
$API/system/getRelevantErrata?sid=${id} | jq執行結果如下 :
{
"success": true,
"result": [
{
"date": "2024-08-10",
"advisory_name": "SUSE-15-SP6-2024-2869",
"advisory_type": "Security Advisory",
"advisory_status": "stable",
"id": 4008,
"advisory_synopsis": "important: Security update for ca-certificates-mozilla",
"update_date": "2024-08-10"
},
...以下省略Step 4. Get Patch Name
# Define Var
# AN is stand for Advisory Name
$ AN='SUSE-15-SP6-2024-2869'
# Run Command
$ curl -s -k -H "Content-Type: application/json" \
--cookie "${cookie}" \
$API/errata/getDetails?advisoryName=${AN} | jq執行結果如下 :
{
"success": true,
"result": {
"id": 4008,
"issue_date": "8/10/24",
"update_date": "8/10/24",
"last_modified_date": "2024-08-10 02:11:37.071418",
"release": 1,
"advisory_status": "stable",
"vendor_advisory": "https://www.suse.com/support/update/announcement/2024/suse-su-20242869-1/",
"product": "SUSE Updates SLE-Module-Basesystem 15-SP6 x86 64",
"errataFrom": "maint-coord@suse.de",
"solution": " ",
"description": "This update for ca-certificates-mozilla fixes the following issues:\n\n- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)\n - Added: FIRMAPROFESIONAL CA ROOT-A WEB\n - Distrust: GLOBALTRUST 2020\n\n- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)\n Added:\n - CommScope Public Trust ECC Root-01\n - CommScope Public Trust ECC Root-02\n - CommScope Public Trust RSA Root-01\n - CommScope Public Trust RSA Root-02\n - D-Trust SBR Root CA 1 2022\n - D-Trust SBR Root CA 2 2022\n - Telekom Security SMIME ECC Root 2021\n - Telekom Security SMIME RSA Root 2023\n - Telekom Security TLS ECC Root 2020\n - Telekom Security TLS RSA Root 2023\n - TrustAsia Global Root CA G3\n - TrustAsia Global Root CA G4\n Removed:\n - Autoridad de Certificacion Firmaprofesional CIF A62634068\n - Chambers of Commerce Root - 2008\n - Global Chambersign Root - 2008\n - Security Communication Root CA\n - Symantec Class 1 Public Primary Certification Authority - G6\n - Symantec Class 2 Public Primary Certification Authority - G6\n - TrustCor ECA-1\n - TrustCor RootCert CA-1\n - TrustCor RootCert CA-2\n - VeriSign Class 1 Public Primary Certification Authority - G3\n - VeriSign Class 2 Public Primary Certification Authority - G3\n",
"synopsis": "important: Security update for ca-certificates-mozilla",
"topic": " ",
"references": "",
"notes": "",
"type": "Security Advisory",
"severity": "Important",
"reboot_suggested": false,
"restart_suggested": false
}
}Step 5. Apply Patch(es) to a system
$ id=1000010001
$ errataIds='3800, 3804'
$ curl -s -k -H "Content-Type: application/json" \
--cookie "${cookie}" \
-d "{'sid': ${id},'errataIds': [${errataIds}]}" \
$API/system/scheduleApplyErrata | jq執行結果如下 :
{
"success": true,
"result": [
25
]
}Step 6. Get Event Details
Using the query string
$ id='1000010001'
$ eid='25'
$ curl -s -k -H "Content-Type: application/json" \
--cookie "${cookie}" \
"$API/system/getEventDetails?sid=${id}&eid=${eid}" | jqUsing the request body
$ curl -s -k -H "Content-Type: application/json" \
--cookie "${cookie}" \
"$API/system/getEventDetails" -X GET -d "{
'sid': ${id},
'eid': ${eid}}" | jq執行結果如下 :
{
"success": true,
"result": {
"summary": "Combined Patch Update: SUSE-15-SP6-2024-1762 - important: Security update for perl (and 1 more patches) scheduled by sumaadmin",
"result_msg": "saltutil_|-sync_states_|-sync_states_|-sync_states:\n name: sync_states\n changes: {\n }\n result: true\n comment: No updates to sync\n __sls__: util.syncstates\n __run_num__: 0.0\n start_time: '17:43:54.368173'\n duration: 180.305\n __id__: sync_states\npkg_|-mgr_absent_ca_package_|-rhn-org-trusted-ssl-cert_|-removed:\n name: rhn-org-trusted-ssl-cert\n changes: {\n }\n result: true\n comment: All specified packages are already absent\n __sls__: certs\n __run_num__: 1.0\n start_time: '17:43:55.489188'\n duration: 8.562\n __id__: mgr_absent_ca_package\nfile_|-mgr_ca_cert_|-/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT_|-managed:\n changes: {\n }\n comment: File /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT is in the correct state\n name: /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT\n result: true\n __sls__: certs\n __run_num__: 2.0\n start_time: '17:43:55.499805'\n duration: 35.932\n __id__: mgr_ca_cert\ncmd_|-update-ca-certificates_|-/usr/sbin/update-ca-certificates_|-run:\n changes: {\n }\n result: true\n duration: 0.007\n start_time: '17:43:55.536567'\n comment: State was not run because none of the onchanges reqs changed\n __state_ran__: false\n __run_num__: 3.0\n __sls__: certs\n __id__: update-ca-certificates\n name: /usr/sbin/update-ca-certificates\nfile_|-mgr_proxy_ca_cert_symlink_|-/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT_|-symlink:\n result: true\n name: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT\n changes: {\n }\n comment: onlyif condition is false\n __sls__: certs\n __id__: mgr_proxy_ca_cert_symlink\n skip_watch: true\n __run_num__: 4.0\n start_time: '17:43:55.536656'\n duration: 385.179\nfile_|-mgr_deploy_tools_uyuni_key_|-/etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key_|-managed:\n changes: {\n }\n comment: File /etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key is in the correct state\n name: /etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key\n result: true\n __sls__: channels.gpg-keys\n __run_num__: 5.0\n start_time: '17:43:55.921947'\n duration: 34.159\n __id__: mgr_deploy_tools_uyuni_key\nfile_|-mgr_deploy_suse_addon_key_|-/etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key_|-managed:\n changes: {\n }\n comment: File /etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key is in the correct state\n name: /etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key\n result: true\n __sls__: channels.gpg-keys\n __run_num__: 6.0\n start_time: '17:43:55.956262'\n duration: 34.735\n __id__: mgr_deploy_suse_addon_key\nfile_|-mgrchannels_repo_|-/etc/zypp/repos.d/susemanager:channels.repo_|-managed:\n changes: {\n }\n comment: File /etc/zypp/repos.d/susemanager:channels.repo is in the correct state\n name: /etc/zypp/repos.d/susemanager:channels.repo\n result: true\n __sls__: channels\n __run_num__: 7.0\n start_time: '17:43:55.991156'\n duration: 123.044\n __id__: mgrchannels_repo\nproduct_|-mgrchannels_install_products_|-mgrchannels_install_products_|-all_installed:\n name: mgrchannels_install_products\n changes: {\n }\n result: true\n comment: All subscribed products are already installed\n __sls__: channels\n __run_num__: 8.0\n start_time: '17:43:56.114639'\n duration: 466.036\n __id__: mgrchannels_install_products\npkg_|-mgrchannels_inst_suse_build_key_|-suse-build-key_|-installed:\n name: suse-build-key\n changes: {\n }\n result: true\n comment: All specified packages are already installed\n __sls__: channels\n __run_num__: 9.0\n start_time: '17:43:56.581182'\n duration: 4321.058\n __id__: mgrchannels_inst_suse_build_key\npkg_|-mgr_regular_patches_|-mgr_regular_patches_|-patch_installed:\n name: mgr_regular_patches\n changes:\n perl-base:\n old:\n - version: 5.26.1\n install_date_time_t: 1.719820515E9\n release: 150300.17.14.1\n epoch: null\n arch: x86_64\n new:\n - version: 5.26.1\n install_date_time_t: 1.723455849E9\n release: 150300.17.17.1\n epoch: null\n arch: x86_64\n perl:\n old:\n - version: 5.26.1\n install_date_time_t: 1.719820534E9\n release: 150300.17.14.1\n epoch: null\n arch: x86_64\n new:\n - version: 5.26.1\n install_date_time_t: 1.72345585E9\n release: 150300.17.17.1\n epoch: null\n arch: x86_64\n perl-core-DB_File:\n old:\n - version: 5.26.1\n install_date_time_t: 1.719820534E9\n
release: 150300.17.14.1\n epoch: null\n arch: x86_64\n new:\n - version: 5.26.1\n install_date_time_t: 1.72345585E9\n release: 150300.17.17.1\n epoch: null\n
arch: x86_64\n ucode-intel:\n old:\n - version: '20240312'\n install_date_time_t: 1.719820562E9\n release: 150200.38.1\n epoch: null\n arch: x86_64\n new:\n - version: '20240514'\n install_date_time_t: 1.723455848E9\n release: 150200.41.1\n
epoch: null\n arch: x86_64\n result: true\n comment: ''\n __sls__: packages.patchinstall\n __run_num__: 10.0\n start_time: '17:44:00.902568'\n duration: 28536.465\n __id__: mgr_regular_patches\n",
"picked_up": "Aug 12, 2024, 5:43:44 PM",
"earliest_action": "Aug 12, 2024, 5:43:44 PM",
"additional_info": [
{
"detail": "SUSE-15-SP6-2024-1762 (important: Security update for perl)"
},
{
"detail": "SUSE-15-SP6-2024-1771 (important: Security update for ucode-intel)"
}
],
"created": "Aug 12, 2024, 5:43:44 PM",
"history_type": "Patch Update",
"result_code": 0,
"id": 25,
"completed": "Aug 12, 2024, 5:44:21 PM",
"status": "Completed"
}
}