OPNBECore
| Method | Module | Controller | Command | Parameters |
|---|---|---|---|---|
|  | opncentral | sync | listServices |  |
|  | opncentral | sync | listClasses |  |
|  | opncentral | sync | metrics |  |
|  | opncentral | sync | readConfig | $paths |
|  | opncentral | sync | reconfigure |  |
|  | opncentral | sync | restartService |  |

Sync API explained
The sync API is used to process central actions in parallel from the OPNcentral dashboard.
As explained in the documentation for OPNcentral, provisioning is able to detect changes in the sections it may
distribute. The listClasses API action plays a large role in this.
listClasses
The list classes endpoint provides insights into the different configuration items the target host understands and how these are tied into services. It’s also a key component in comparing configuration items.
```json
{
    "classes": [
        {
            "description": "Aliases",
            "help": "Synchronize the aliases over to the other HA host.",
            "section": "OPNsense.Firewall.Alias",
            "services": [
                "pf"
            ],
            "md5": "942d6358fb4f17abed7cf4f5de6c5b24",
            "id": "aliases"
        }
    ],
    "runtime": 0.07380509376525879
}
```
When the target firewall is 100% equal to the central node, the md5 values will match. To steer
specific overrides on the synchronisation action, it is possible to send a JSON encoded base64 structure as the metadata
POST parameter (not available in the online documentation, advanced usage only).
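The md5 comparison described above can be used to spot which sections differ between the central node and a target. The following is an added example, not OPNcentral's own code; both responses are constructed sample data, and the `example_*` class ids, their sections and all md5 values other than the central `aliases` one are hypothetical.

```python
# Added example: compare two listClasses responses by md5 to find drifted sections.
# CENTRAL and TARGET are constructed sample data; the example_* entries and
# every md5 except the "aliases" one on the central side are made up.

def index_classes(response):
    """Map class id -> class entry of a listClasses response."""
    return {c["id"]: c for c in response.get("classes", [])}


def diff_classes(central, target):
    """Compare per-class md5 values.

    Returns (drifted, missing): drifted maps each class id whose md5 differs
    to the services tied to it; missing lists class ids the target lacks.
    """
    target_idx = index_classes(target)
    drifted, missing = {}, []
    for class_id, entry in sorted(index_classes(central).items()):
        other = target_idx.get(class_id)
        if other is None:
            missing.append(class_id)       # target does not know this class
        elif other.get("md5") != entry.get("md5"):
            drifted[class_id] = sorted(entry.get("services", []))
    return drifted, missing


def make_class(class_id, section, services, md5):
    """Build a minimal class entry with the fields the comparison needs."""
    return {"id": class_id, "section": section, "services": services, "md5": md5}


CENTRAL = {"classes": [
    make_class("aliases", "OPNsense.Firewall.Alias", ["pf"],
               "942d6358fb4f17abed7cf4f5de6c5b24"),
    make_class("example_same", "Example.Same", ["cron"], "0" * 32),
    make_class("example_missing", "Example.Missing", [], "1" * 32),
]}
TARGET = {"classes": [
    make_class("aliases", "OPNsense.Firewall.Alias", ["pf"], "f" * 32),
    make_class("example_same", "Example.Same", ["cron"], "0" * 32),
]}

if __name__ == "__main__":
    drifted, missing = diff_classes(CENTRAL, TARGET)
    print("drifted:", drifted)
    print("missing on target:", missing)
```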
readConfig
This endpoint provides access to various parts of the configuration and is mostly practical for retrieving selected sections of it.
Example usage of this endpoint is provided below.
```python
import json
import requests

auth = {
    "key": "3RhWOno+HwvtmT406I6zw8of8J6n9FOKlWK6U0B+K7stt/fDaJg7bjeF3QAshlScYqC+3o5THy3vQViW",
    "secret": "uaBk27NKhQCZSDpfAlG6YJ473MzvsCNiED6kzbYuykzU05fCRkcJADhDm5nxbZt8yREC74ZpvD/vbcEx"
}

r = requests.get(
    'https://127.0.0.1/api/opncentral/sync/read_config/OPNsense.Firewall.Alias',
    auth=(auth['key'], auth['secret']),
    verify=False  # use for localhost testing only
)
print(r.text)
```
When executed, this will dump the contents of the configuration path OPNsense.Firewall.Alias into a named array
with serialisable content.
reconfigure
The reconfigure action is the counterpart of the readConfig endpoint and accepts new configuration data specified in
the payload attribute of the POST request.
In some cases configuration merges have ways to handle local changes, which is documented in the “Provisioning classes” section of the OPNcentral documentation.
After merging the new configuration, this endpoint also detects which services need to be restarted and will issue a restart command automatically.
```python
import json
import requests

auth = {
    "key": "3RhWOno+HwvtmT406I6zw8of8J6n9FOKlWK6U0B+K7stt/fDaJg7bjeF3QAshlScYqC+3o5THy3vQViW",
    "secret": "uaBk27NKhQCZSDpfAlG6YJ473MzvsCNiED6kzbYuykzU05fCRkcJADhDm5nxbZt8yREC74ZpvD/vbcEx"
}

payload = "<<dictionary type content from readConfig>>"

r = requests.post(
    'https://127.0.0.1/api/opncentral/sync/reconfigure',
    auth=(auth['key'], auth['secret']),
    json={'payload': payload},
    verify=False,  # use for localhost testing only
    headers={'Content-Type': 'application/json; charset=UTF-8'}
)
```
listServices
To gain insight into the active running services, you can use the listServices API action. This will report all active services and their status.
restartService
The restart service action is also used in and offers the ability to restart a list of selected services on the target host.
```python
import json
import requests

auth = {
    "key": "3RhWOno+HwvtmT406I6zw8of8J6n9FOKlWK6U0B+K7stt/fDaJg7bjeF3QAshlScYqC+3o5THy3vQViW",
    "secret": "uaBk27NKhQCZSDpfAlG6YJ473MzvsCNiED6kzbYuykzU05fCRkcJADhDm5nxbZt8yREC74ZpvD/vbcEx"
}

r = requests.post(
    'https://127.0.0.1/api/opncentral/sync/restart_service',
    auth=(auth['key'], auth['secret']),
    json={'services': ['cron']},
    verify=False,  # use for localhost testing only
    headers={'Content-Type': 'application/json; charset=UTF-8'}
)
```
The example above will restart the cron service.