SEMP script required for Enabling/Disabling VPN

fellaamazing · July 2021

I am trying to write powershell/BASH script to enable/disable VPN. Can anyone give me a sample script (BASH or powershell)

Assume My VPN URL is this:

http://10.1.255.255:8080/SEMP/v2/config/msgVpns/v001

let's assume user name is admin. Password is ADMpwd1

RobO · July 2021

An example call I have used in the past is the following (with your URL and creds in place):

curl -X PATCH -u admin:ADMpwd1 -H "content-type: application/json" http://10.1.255.255:8080/SEMP/v2/config/msgVpns/v001 -d '{"enabled":false}'

Change "enabled":true to enable. You can then wrap that call in any script that you want.

RobO · July 2021

An example call I have used in the past is the following (with your URL and creds in place):

curl -X PATCH -u admin:ADMpwd1 -H "content-type: application/json" http://10.1.255.255:8080/SEMP/v2/config/msgVpns/v001 -d '{"enabled":false}'

Change "enabled":true to enable. You can then wrap that call in any script that you want.

marc · July 2021

thanks for the quick answer @RobO!

fellaamazing · July 2021

What if password has special characters?
I am getting The underlying connection was closed.
I even tried to URL encode the password.

For another solace machine that had simpler password, Get command is working fine, however Patch command is giving me (400) Bad Request

That was from powershell.

When I did the same from BASH, I always get Failed to connect to.... ; Connection refused. Interestingly the message mentions port 80 for some reason instead of the one I specify.

RobO · July 2021

I just tested and you should be able to put single quotes around the username:password field

-u 'admin:admin!@#'

Can you provide the description in the error section? Does it say Bad Request?

fellaamazing · July 2021

When using Bash, this is what I get

fellaamazing · July 2021

This was my request.

fellaamazing · July 2021

Never mind. It worked. Just noticed extra / in IP. lol

Aaron · July 2021

I made a bash script a (long) while ago to simulate a bunch of failure conditions for testing. It's not done, but maybe it can help..?

#!/usr/bin/env sh

# https://docs.solace.com/API-Developer-Online-Ref-Documentation/swagger-ui/config/index.html

ROUTER=localhost:8080
ADMIN_USER=admin
ADMIN_PW=admin
VPN=default
OUTAGE_LENGTH_SECONDS=5

VPN=default
CLIENT_USERNAME=default
CLIENT_PROFILE=default
ACL_PROFILE=default

#echo Getting hostname via SEMPv1...
#OUTPUT=$(curl -s -u $ADMIN_USER:$ADMIN_PW http://$ROUTER/SEMP -X POST -d '<rpc><show><hostname/></show></rpc>' | perl -ne ' if (m|<hostname>(.*?)</hostname>|) { print "$1"; } ')
# might not be global admin priveleges (e.g. Solace CLoud)

CUR_SPOOL=$(curl -s -u $ADMIN_USER:$ADMIN_PW "http://$ROUTER/SEMP/v2/config/msgVpns/default?select=maxMsgSpoolUsage" -X GET -H "Content-type:application/json" | perl -ne ' if (/"maxMsgSpoolUsage":(\d+)/) { print "$1"; } ')
echo CUR SPOOL = $CUR_SPOOL

echo About to run some simple error case tests on Solace broker $OUTPUT at $ROUTER

# bounce the Message VPN to disable all client connections and such for a few seconds
echo About to shutdown $VPN VPN for $OUTAGE_LENGTH_SECONDS seconds...
if ! curl -f -s -S -u $ADMIN_USER:$ADMIN_PW "http://$ROUTER/SEMP/v2/config/msgVpns/$VPN" -X PATCH -H "Content-type:application/json" -d '{"enabled":false}' > /dev/null; then
    echo " X ERROR! Could not shutdown $VPN VPN. Exiting."
    exit 1
else
    echo " + Success! $VPN VPN is shutdown."
fi
sleep $OUTAGE_LENGTH_SECONDS

echo About to enable $VPN VPN...
if ! curl -f -s -S -u $ADMIN_USER:$ADMIN_PW "http://$ROUTER/SEMP/v2/config/msgVpns/$VPN" -X PATCH -H "Content-type:application/json" -d '{"enabled":true}' > /dev/null; then
    echo " X ERROR! Could not enable $VPN VPN. Beware, VPN might be left in a shutdown state. Exiting."
    exit 2
else
    echo " + Success! $VPN VPN is enabled."
fi
exit 0


# set the message spool to 0bounce the Message VPN to disable all client connections and such for a few seconds
echo About to disable all persistent publishing into $VPN VPN for $OUTAGE_LENGTH_SECONDS seconds...

if ! curl -f -s -S -u $ADMIN_USER:$ADMIN_PW "http://$ROUTER/SEMP/v2/config/msgVpns/$VPN" -X PATCH -H "Content-type:application/json" -d '{"maxMsgSpoolUsage":0}' > /dev/null; then
    echo " X ERROR! Could not shutdown $VPN VPN. Exiting."
    exit 1
else
    echo " + Success! $VPN VPN is shutdown."
fi
sleep $OUTAGE_LENGTH_SECONDS

echo About to put message spool back to $CUR_SPOOL MB in $VPN VPN...
if ! curl -f -s -S -u $ADMIN_USER:$ADMIN_PW "http://$ROUTER/SEMP/v2/config/msgVpns/$VPN" -X PATCH -H "Content-type:application/json" -d '{"maxMsgSpoolUsage":$CUR_SPOOL}' > /dev/null; then
    echo " X ERROR! Could not enable $VPN VPN. Beware, VPN might be left in a shutdown state. Exiting."
    exit 2
else
    echo " + Success! VPN $VPN is enabled."
fi




# now let's add an ACL publish issue
echo About to add a publish ACLs to acl-profile $ACL_PROFILE for $OUTAGE_LENGTH_SECONDS seconds...
exit 3
if ! curl -f -s -S -u $ADMIN_USER:$ADMIN_PW "http://$ROUTER/SEMP/v2/config/msgVpns/$VPN" -X PATCH -H "Content-type:application/json" -d '{"enabled":false}' > /dev/null; then
    echo " X ERROR! Could not shutdown VPN. Exiting."
    exit 1
else
    echo " + Success! VPN is shutdown."
fi
sleep $OUTAGE_LENGTH_SECONDS

echo About to enable the VPN...
if ! curl -f -s -S -u $ADMIN_USER:$ADMIN_PW "http://$ROUTER/SEMP/v2/config/msgVpns/$VPN" -X PATCH -H "Content-type:application/json" -d '{"enabled":true}' > /dev/null; then
    echo " X ERROR! Could not enable VPN. Beware, VPN might be left in a shutdown state. Exiting."
    exit 2
else
    echo " + Success! VPN is enabled."
fi

SEMP script required for Enabling/Disabling VPN

Best Answer

Answers

Categories

This Month's Leaders

This Week's Leaders