{php}IPAM: The API server module and automating IP address reservation

I have recently provided articles in regards to the installation and configuration of {php}IPAM IP. One of my use cases for investigating the use of IP address management systems was to provide a API/server module to request an IP address for allocation.

By default, a module is provided to request an IP address by browsing to Administration > IPAM settings > Feature Settings  and enabling the ‘IP request module’.

IPAM_IP_Request_Module_Enabled

However, this requires user interaction in order to approve the pending request. Now this is where I discovered a number of php scripts by Doug Morris that leverage the API framework. In this scenario, getFreeIP.php provides the functionality to retrieve the first available IP address for a subnet. In addition the following scripts are available from the repository:

getIPs.php – dump information for a subnet.
removeHost.php – removes IP address information from a subnet for a host.
tokenValid.php – validates API token for requests. ​

In order to  retrieve the first available IP address for a subnet we will also require to validate the API token for the request so we will also need the tokenValid.php file as well. The files should be placed in the ‘/var/www/phpipam/api’ directory.

cd /tmp 
git clone https://github.com/covermymeds/phpIPAM-api.git
cd /tmp/api
cp getFreeIP.php tokenValid.php /var/www/phpipam/api

In order to submit a request to the API we need to browse to Administration > IPAM Settings > Feature Settings and enable the API server module. Then browse to Administration > IPAM Settings > API Management to create an API key to which you will specify an application identifier and for this use case set ‘Read’ application permissions.

API_Enable_IPAM

API_App_IPAM

In order for the API server module to provide data to client requests the php curl and mcrypt extensions are required to be installed, the mcrypt extension enabled and a restart of the Apache Web Server to apply.

sudo apt-get install php5-curl php5-mcrypt
sudo php5enmod mcrypt
sudo service apache2 restart

Now we have enabled API server module, created the API key and placed the script files on the host. We can now send an HTTPS request which requires the following information:

Application Identifier
Application Code
Subnet
Hostname
Owner

The request will return the first free IP address in for the subnet and reserve the IP address. If an IP address has already been reserved for the hostname, this will be returned. In this example I am submitting a request to reserve an IP address for the hostname ‘server1.dean.local’ in the subnet ‘10.0.0.0’ and specifying the owner as ‘deangrant’

curl https://ipam.dean.local/api/getFreeIP.php?apiapp=dean&apitoken=30c13f9d33668a5e13e79a5865dc409f&subnet=10.0.0.0&server1.dean.local&user=deangrant
10.0.0.3
Advertisements

3 thoughts on “{php}IPAM: The API server module and automating IP address reservation

  1. Hi Dean,

    Thanks for writing this post, it’s very helpful and informative. The only api functionality I’ve successfully been able to use in phpipam is your api files found here.

    I’m not familiar enough with mcrypt in php to be able to send encrypted requests. I’m wondering if you found a way to modify the given php file in phpipam api to remove the encrypted requirement, and if so, share?

    Thanks,

    Steven

    Like

  2. Hi, i sorry, but me need help. I try set API, but is not work. I read to github, but author silent.

    Trouble:

    Hi, please need help with API. My enviromment:

    phpipam 1.3;
    Server version: Apache/2.4.10 (Debian);
    PHP 5.6.30-0+deb8u1 (cli);
    My site config:

    ServerName ipam.example.com
    Redirect “/” “https://ipam.example.com/”

    ServerName ipam.example.com
    DocumentRoot /var/www/phpipam

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/name.crt
    SSLCertificateKeyFile /etc/apache2/ssl/name.key

    ServerAdmin support@example.com

    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Prettify links is enable. I create api key:

    app id: vpn
    app code: xxxxxxx
    permission: read
    security: crypt

    I try get:

    curl -X GET https://ipam.example.com/api/vpn/subnets/6/?links\=false –header “token: xxxxxxx”

    Answer:

    {“code”:400,”success”:0,”message”:”Request is not valid”,”time”:0}

    I don’t understand why it is not work. You may me need help?

    I will be grateful for any help

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s