API Guide
A guide to using the Red Hat Satellite Representational State Transfer (REST) API
Abstract
Chapter 1. Introduction
Red Hat Satellite provides a Representational State Transfer (REST) API. The API provides software developers and system administrators with control over their Red Hat Satellite environment outside of the standard web interface. The REST API is useful for developers and administrators who aim to integrate the functionality of Red Hat Satellite with custom scripts or external applications that access the API over HTTP.
1.1. Overview of the Red Hat Satellite API
The benefits of using the REST API are:
- Broad client support — any programming language, framework, or system with support for HTTP protocol can use the API.
- Self-descriptive — client applications require minimal knowledge of the Red Hat Satellite infrastructure because a user discovers many details at runtime.
- Resource-based model — the resource-based REST model provides a natural way to manage a virtualization platform.
You can use the REST API to perform the following tasks:
- Integrate with enterprise IT systems.
- Integrate with third-party applications.
- Perform automated maintenance or error checking tasks.
- Automate repetitive tasks with scripts.
As you prepare to upgrade Satellite Server, ensure that any scripts you use that contain Satellite API commands are up to date. API commands differ between versions of Satellite. For more information about changes in the API, see the Knowledgebase article API Changes Between Satellite Versions on the Red Hat Customer Portal.
1.2. Satellite API Compared to Hammer CLI Tool
For many tasks, you can use both Hammer and Satellite API. You can use Hammer as a human-friendly interface to Satellite API. For example, to test responses to API calls before applying them in a script, use the --debug
option to inspect API calls that Hammer issues: hammer --debug organization list
.
In the background, each Hammer command first establishes a binding to the API and then sends a request. This can have performance implications when executing a large number of Hammer commands in sequence. In contrast, scripts that use API commands communicate directly with the Satellite API.
Note that you must manually update scripts that use API commands, while Hammer automatically reflects changes in the API. For more information, see the Hammer CLI Guide.
Chapter 2. API Reference
The full API reference is available on your Satellite Server at https://satellite.example.com/apidoc/v2.html
. Be aware that even though versions 1 and 2 of the Satellite 6 API are available, Red Hat only supports version 2.
2.1. Understanding the API Syntax
The built-in API reference shows the API route, or path, preceded by an HTTP verb:
HTTP_VERB API_ROUTE
To work with the API, construct a command using the curl
command syntax and the API route from the reference document:
$ curl --request HTTP_VERB \ 1 --insecure \ 2 --user sat_username:sat_password \ 3 --data @file.json \ 4 --header "Accept:application/json" \ 5 --header "Content-Type:application/json" \ 6 --output file 7 API_ROUTE \ 8 | python -m json.tool 9
- 1
- To use
curl
for the API call, specify an HTTP verb with the--request
option. For example,--request POST
. - 2
- Add the
--insecure
option to skip SSL peer certificate verification check. - 3
- Provide user credentials with the
--user
option. - 4
- For
POST
andPUT
requests, use the--data
option to pass JSON formatted data. For more information, see Section 4.1.1, “Passing JSON Data to the API Request”. - 5 6
- When passing the JSON data with the
--data
option, you must specify the following headers with the--header
option. For more information, see Section 4.1.1, “Passing JSON Data to the API Request”. - 7
- When downloading content from Satellite Server, specify the output file with the
--output
option. - 8
- Use the API route in the following format:
https://satellite.example.com/katello/api/activation_keys
. In Satellite 6, version 2 of the API is the default. Therefore it is not necessary to usev2
in the URL for API calls. - 9
- Redirect the output to the Python
json.tool
module to make the output easier to read.
2.1.1. Using the GET HTTP Verb
Use the GET HTTP verb to get data from the API about an existing entry or resource.
Example
This example requests the amount of Satellite hosts:
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/hosts | python -m json.tool
Example response:
{
"total": 2,
"subtotal": 2,
"page": 1,
"per_page": 20,
"search": null,
"sort": {
"by": null,
"order": null
},
"results":
output truncated
The response from the API indicates that there are two results in total, this is the first page of the results, and the maximum results per page is set to 20. For more information, see Section 2.2, “Understanding the JSON Response Format”.
2.1.2. Using the POST HTTP Verb
Use the POST HTTP verb to submit data to the API to create an entry or resource. You must submit the data in JSON format. For more information, see Section 4.1.1, “Passing JSON Data to the API Request”.
Example
This example creates an activation key.
Create a test file, for example,
activation-key.json
, with the following content:{"organization_id":1, "name":"TestKey", "description":"Just for testing"}
Create an activation key by applying the data in the
activation-key.json
file:Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request POST \ --user sat_username:sat_password --insecure \ --data @activation-key.json \ https://satellite.example.com/katello/api/activation_keys \ | python -m json.tool
Example response:
{ "id": 2, "name": "TestKey", "description": "Just for testing", "unlimited_hosts": true, "auto_attach": true, "content_view_id": null, "environment_id": null, "usage_count": 0, "user_id": 3, "max_hosts": null, "release_version": null, "service_level": null, "content_overrides": [ ], "organization": { "name": "Default Organization", "label": "Default_Organization", "id": 1 }, "created_at": "2017-02-16 12:37:47 UTC", "updated_at": "2017-02-16 12:37:48 UTC", "content_view": null, "environment": null, "products": null, "host_collections": [ ], "permissions": { "view_activation_keys": true, "edit_activation_keys": true, "destroy_activation_keys": true } }
- Verify that the new activation key is present. In the Satellite web UI, navigate to Content > Activation keys to view your activation keys.
2.1.3. Using the PUT HTTP Verb
Use the PUT HTTP verb to change an existing value or append to an existing resource. You must submit the data in JSON format. For more information, see Section 4.1.1, “Passing JSON Data to the API Request”.
Example
This example updates the TestKey
activation key created in the previous example.
Edit the
activation-key.json
file created previously as follows:{"organization_id":1, "name":"TestKey", "description":"Just for testing","max_hosts":"10" }
Apply the changes in the JSON file:
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request PUT \ --user sat_username:sat_password --insecure \ --data @activation-key.json \ https://satellite.example.com/katello/api/activation_keys/2 \ | python -m json.tool
Example response:
{ "id": 2, "name": "TestKey", "description": "Just for testing", "unlimited_hosts": false, "auto_attach": true, "content_view_id": null, "environment_id": null, "usage_count": 0, "user_id": 3, "max_hosts": 10, "release_version": null, "service_level": null, "content_overrides": [ ], "organization": { "name": "Default Organization", "label": "Default_Organization", "id": 1 }, "created_at": "2017-02-16 12:37:47 UTC", "updated_at": "2017-02-16 12:46:17 UTC", "content_view": null, "environment": null, "products": null, "host_collections": [ ], "permissions": { "view_activation_keys": true, "edit_activation_keys": true, "destroy_activation_keys": true } }
- In the Satellite web UI, verify the changes by navigating to Content > Activation keys.
2.1.4. Using the DELETE HTTP Verb
To delete a resource, use the DELETE verb with an API route that includes the ID of the resource you want to delete.
Example
This example deletes the TestKey
activation key which ID is 2:
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request DELETE \ --user sat_username:sat_password --insecure \ https://satellite.example.com/katello/api/activation_keys/2 \ | python -m json.tool
Example response:
output omitted "started_at": "2017-02-16 12:58:17 UTC", "ended_at": "2017-02-16 12:58:18 UTC", "state": "stopped", "result": "success", "progress": 1.0, "input": { "activation_key": { "id": 2, "name": "TestKey" output truncated
2.1.5. Relating API Error Messages to the API Reference
The API uses a RAILs format to indicate an error:
Nested_Resource.Attribute_Name
This translates to the following format used in the API reference:
Resource[Nested_Resource_attributes][Attribute_Name_id]
2.2. Understanding the JSON Response Format
Calls to the API return results in JSON format. The API call returns the result for a single-option response or for responses collections.
JSON Response Format for Single Objects
You can use single-object JSON responses to work with a single object. API requests to a single object require the object’s unique identifier :id
.
This is an example of the format for a single-object request for the Satellite domain which ID is 23:
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/domains/23 | python -m json.tool
Example response:
{ "id": 23, "name": "qa.lab.example.com", "fullname": "QA", "dns_id": 10, "created_at": "2013-08-13T09:02:31Z", "updated_at": "2013-08-13T09:02:31Z" }
JSON Response Format for Collections
Collections are a list of objects such as hosts and domains. The format for a collection JSON response consists of a metadata fields section and a results section.
This is an example of the format for a collection request for a list of Satellite domains:
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/domains | python -m json.tool
Example response:
{ "total": 3, "subtotal": 3, "page": 1, "per_page": 20, "search": null, "sort": { "by": null, "order": null }, "results": [ { "id": 23, "name": "qa.lab.example.com", "fullname": "QA", "dns_id": 10, "created_at": "2013-08-13T09:02:31Z", "updated_at": "2013-08-13T09:02:31Z" }, { "id": 25, "name": "sat.lab.example.com", "fullname": "SATLAB", "dns_id": 8, "created_at": "2013-08-13T08:32:48Z", "updated_at": "2013-08-14T07:04:03Z" }, { "id": 32, "name": "hr.lab.example.com", "fullname": "HR", "dns_id": 8, "created_at": "2013-08-16T08:32:48Z", "updated_at": "2013-08-16T07:04:03Z" } ] }
The response metadata fields
API response uses the following metadata fields:
-
total
— The total number of objects without any search parameters. -
subtotal
— The number of objects returned with the given search parameters. If there is no search, then subtotal is equal to total. -
page
— The page number. -
per_page
— The maximum number of objects returned per page. -
limit
— The specified number of objects to return in a collection response. -
offset
— The number of objects skipped before returning a collection. -
search
— The search string based onscoped_scoped
syntax. sort
-
by
— Specifies by what field the API sorts the collection. -
order
— The sort order, either ASC for ascending or DESC for descending.
-
-
results
— The collection of objects.
Chapter 3. Authenticating API Calls
Interaction with the Satellite API requires SSL authentication with Satellite Server CA certificate and authentication with valid Satellite user credentials. This chapter outlines the authenticating methods you can use.
3.1. SSL Authentication Overview
Red Hat Satellite uses HTTPS, which provides a degree of encryption and identity verification when communicating with a Red Hat Satellite Server. Satellite 6.9 does not support non-SSL communications.
Each Red Hat Satellite Server uses a self-signed certificate. This certificate acts as both the server certificate to verify the encryption key and the certificate authority (CA) to trust the identity of Satellite Server.
3.1.1. Configuring SSL Authentication
Use the following procedure to configure an SSL authentication for the API requests to Satellite Server.
Procedure
Obtain a certificate from the Satellite Server with which you want to communicate using one of the following options:
If you execute the command from a remote server, obtain a certificate using SSH:
$ scp root@satellite.example.com:/var/www/html/pub/katello-server-ca.crt ./
If you execute the command directly on the Satellite Server, copy the certificate to the current directory:
$ cp /var/www/html/pub/katello-server-ca.crt ./
Use the API request with the
--cacert katello-server-ca.crt
option to verify the identity of the Satellite Server:$ curl --request GET \ --user sat_username:sat_password \ --header "Accept:application/json" \ --cacert katello-server-ca.crt \ https://satellite.example.com/katello/api/organizations \ | python -m json.tool
Create a Network Security Services (NSS) database to store the
katello-server-ca.crt
certificate:$ certutil -N -d sql:$HOME/.pki/nssdb
Permanently include the certificate in the NSS database:
$ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" \ -i katello-server-ca.crt
Verify that the certificate is present in the NSS database by entering the API request without the
--cacert
option:$ curl --request GET \ --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts
3.2. HTTP Authentication Overview
All requests to the Satellite API require a valid Satellite user name and password. The API uses HTTP Basic Authentication to encode these credentials and add to the Authorization
header. For more information about Basic Authentication, see RFC 2617 HTTP Authentication: Basic and Digest Access Authentication. If a request does not include an appropriate Authorization
header, the API returns a 401 Authorization Required
error
Basic authentication involves potentially sensitive information, for example, it sends passwords as plain text. The REST API requires HTTPS for transport level encryption of plain text requests.
Some base64 libraries break encoded credentials into multiple lines and terminate each line with a newline character. This invalidates the header and causes a faulty request. The Authorization header requires that the encoded credentials be on a single line within the header.
3.3. OAuth Authentication Overview
As an alternative to basic authentication, you can use limited OAuth 1.0 authentication. This is sometimes referred to as 1-legged OAuth in version 1.0a of the protocol.
To view OAuth settings, in the Satellite web UI, navigate to Administer > Settings > Authentication. The OAuth consumer key is the token to be used by all OAuth clients.
Satellite stores OAuth settings in the /etc/foreman/settings.yaml
file. Use the satellite-installer
script to configure these settings, because Satellite overwrites any manual changes to this file when upgrading.
3.3.1. Configuring OAuth
To change the OAuth settings, enter the satellite-installer
with the required options. Enter the following command to list all the OAuth related installer options:
# satellite-installer --full-help | grep oauth
Enabling OAuth mapping
By default, Satellite authorizes all OAuth API requests as the built-in anonymous API administrator account. Therefore, API responses include all Satellite data. However, you can also specify the Foreman user that makes the request and restrict access to data to that user.
To enable OAuth user mapping, enter the following command:
# satellite-installer --foreman-oauth-map-users true
Satellite does not sign the header in an OAuth request. Anyone with a valid consumer key can impersonate any Foreman user.
3.3.2. OAuth Request Format
Use an OAuth client library to construct all OAuth parameters. Every OAuth API request requires the FOREMAN-USER
header with the login of an existing Foreman user and the Authorization
header in the following format:
--header 'FOREMAN-USER: sat_username' \ --header 'Authorization: OAuth oauth_version="1.0",oauth_consumer_key="secretkey",oauth_signature_method="hmac-sha1",oauth_timestamp=1321473112,oauth_signature=Il8hR8/ogj/XVuOqMPB9qNjSy6E='
Example
This example lists architectures using OAuth for authentication. The request uses a sat_username username in the FOREMAN-USER
header. With the --foreman-oauth-map-users
set to true
, the response includes only architectures that the user has access to view. The signature reflects every parameter, HTTP method, and URI change.
Example request:
$ curl 'https://satellite.example.com/api/architectures' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'FOREMAN-USER: sat_username' \ --header 'Authorization: OAuth oauth_version="1.0",oauth_consumer_key="secretkey",oauth_signature_method="hmac-sha1",oauth_timestamp=1321473112,oauth_signature=Il8hR8/ogj/XVuOqMPB9qNjSy6E='
Chapter 4. API Requests in Different Languages
This chapter outlines sending API requests to Red Hat Satellite with curl, Ruby, and Python and provides examples.
4.1. API Requests with curl
This section outlines how to use curl
with the Satellite API to perform various tasks.
Red Hat Satellite requires the use of HTTPS, and by default a certificate for host identification. If you have not added the Satellite Server certificate as described in Section 3.1, “SSL Authentication Overview”, then you can use the --insecure
option to bypass certificate checks.
For user authentication, you can use the --user
option to provide Satellite user credentials in the form --user username:password
or, if you do not include the password, the command prompts you to enter it. To reduce security risks, do not include the password as part of the command, because it then becomes part of your shell history. Examples in this section include the password only for the sake of simplicity.
Be aware that if you use the --silent
option, curl
does not display a progress meter or any error messages.
Examples in this chapter use the Python json.tool
module to format the output.
4.1.1. Passing JSON Data to the API Request
You can pass data to Satellite Server with the API request. The data must be in JSON format. When specifying JSON data with the --data
option, you must set the following HTTP headers with the --header
option:
--header "Accept:application/json" \ --header "Content-Type:application/json"
Use one of the following options to include data with the --data
option:
The quoted JSON formatted data enclosed in curly braces
{}
. When passing a value for a JSON type parameter, you must escape quotation marks"
with backslashes\
. For example, within curly braces, you must format"Example JSON Variable"
as\"Example JSON Variable\"
:--data {"id":44, "smart_class_parameter":{"override":"true", "parameter_type":"json", "default_value":"{\"GRUB_CMDLINE_LINUX\": {\"audit\":\"1\",\"crashkernel\":\"true\"}}"}}
The unquoted JSON formatted data enclosed in a file and specified by the
@
sign and the filename. For example:--data @file.json
Using external files for JSON formatted data has the following advantages:
- You can use your favorite text editor.
- You can use syntax checker to find and avoid mistakes.
- You can use tools to check the validity of JSON data or to reformat it.
Validating a JSON file
Use the json_verify
tool to check the validity of a JSON file:
$ json_verify < test_file.json
4.1.2. Retrieving a List of Resources
This section outlines how to use curl
with the Satellite 6 API to request information from your Satellite deployment. These examples include both requests and responses. Expect different results for each deployment.
Listing Users
This example is a basic request that returns a list of Satellite resources, Satellite users in this case. Such requests return a list of data wrapped in metadata, while other request types only return the actual object.
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/users | python -m json.tool
Example response:
{ "page": 1, "per_page": 20, "results": [ { "admin": false, "auth_source_id": 1, "auth_source_name": "Internal", "created_at": "2018-09-21 08:59:22 UTC", "default_location": null, "default_organization": null, "description": "", "effective_admin": false, "firstname": "", "id": 5, "last_login_on": "2018-09-21 09:03:25 UTC", "lastname": "", "locale": null, "locations": [], "login": "test", "mail": "example@domain.com", "organizations": [ { "id": 1, "name": "Default Organization" } ], "ssh_keys": [], "timezone": null, "updated_at": "2018-09-21 09:04:45 UTC" }, { "admin": true, "auth_source_id": 1, "auth_source_name": "Internal", "created_at": "2018-09-20 07:09:41 UTC", "default_location": null, "default_organization": { "description": null, "id": 1, "name": "Default Organization", "title": "Default Organization" }, "description": "", "effective_admin": true, "firstname": "Admin", "id": 4, "last_login_on": "2018-12-07 07:31:09 UTC", "lastname": "User", "locale": null, "locations": [ { "id": 2, "name": "Default Location" } ], "login": "admin", "mail": "root@example.com", "organizations": [ { "id": 1, "name": "Default Organization" } ], "ssh_keys": [], "timezone": null, "updated_at": "2018-11-14 08:19:46 UTC" } ], "search": null, "sort": { "by": null, "order": null }, "subtotal": 2, "total": 2 }
4.1.3. Creating and Modifying Resources
This section outlines how to use curl
with the Satellite 6 API to manipulate resources on the Satellite Server. These API calls require that you pass data in json
format with the API call. For more information, see Section 4.1.1, “Passing JSON Data to the API Request”.
Creating a User
This example creates a user using --data
option to provide required information.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request POST \ --user sat_username:sat_password --insecure \ --data "{\"firstname\":\"Test Name\",\"mail\":\"test@example.com\",\"login\":\"test_user\",\"password\":\"password123\",\"auth_source_id\":1}" \ https://satellite.example.com/api/users | python -m json.tool
Modifying a User
This example modifies first name and login of the test_user
that was created in Creating a User.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request PUT \ --user sat_username:sat_password --insecure \ --data "{\"firstname\":\"New Test Name\",\"mail\":\"test@example.com\",\"login\":\"new_test_user\",\"password\":\"password123\",\"auth_source_id\":1}" \ https://satellite.example.com/api/users/8 | python -m json.tool
4.2. API Requests with Ruby
This section outlines how to use Ruby with the Satellite API to perform various tasks.
These are example scripts and commands. Ensure you review these scripts carefully before use, and replace any variables, user names, passwords, and other information to suit your own deployment.
4.2.1. Creating Objects Using Ruby
This script connects to the Red Hat Satellite 6 API and creates an organization, and then creates three environments in the organization. If the organization already exists, the script uses that organization. If any of the environments already exist in the organization, the script raises an error and quits.
#!/usr/bin/ruby require 'rest-client' require 'json' url = 'https://satellite.example.com/api/v2/' katello_url = "#{url}/katello/api/v2/" $username = 'admin' $password = 'changeme' org_name = "MyOrg" environments = [ "Development", "Testing", "Production" ] # Performs a GET using the passed URL location def get_json(location) response = RestClient::Request.new( :method => :get, :url => location, :user => $username, :password => $password, :headers => { :accept => :json, :content_type => :json } ).execute JSON.parse(response.to_str) end # Performs a POST and passes the data to the URL location def post_json(location, json_data) response = RestClient::Request.new( :method => :post, :url => location, :user => $username, :password => $password, :headers => { :accept => :json, :content_type => :json}, :payload => json_data ).execute JSON.parse(response.to_str) end # Creates a hash with ids mapping to names for an array of records def id_name_map(records) records.inject({}) do |map, record| map.update(record['id'] => record['name']) end end # Get list of existing organizations orgs = get_json("#{katello_url}/organizations") org_list = id_name_map(orgs['results']) if !org_list.has_value?(org_name) # If our organization is not found, create it puts "Creating organization: \t#{org_name}" org_id = post_json("#{katello_url}/organizations", JSON.generate({"name"=> org_name}))["id"] else # Our organization exists, so let's grab it org_id = org_list.key(org_name) puts "Organization \"#{org_name}\" exists" end # Get list of organization's lifecycle environments envs = get_json("#{katello_url}/organizations/#{org_id}/environments") env_list = id_name_map(envs['results']) prior_env_id = env_list.key("Library") # Exit the script if at least one life cycle environment already exists environments.each do |e| if env_list.has_value?(e) puts "ERROR: One of the Environments is not unique to organization" exit end end # Create life cycle environments environments.each do |environment| puts "Creating environment: \t#{environment}" prior_env_id = post_json("#{katello_url}/organizations/#{org_id}/environments", JSON.generate({"name" => environment, "organization_id" => org_id, "prior_id" => prior_env_id}))["id"] end
4.2.2. Using Apipie Bindings with Ruby
Apipie bindings are the Ruby bindings for apipie documented API calls. They fetch and cache the API definition from Satellite and then generate API calls on demand. This example creates an organization, and then creates three environments in the organization. If the organization already exists, the script uses that organization. If any of the environments already exist in the organization, the script raises an error and quits.
#!/usr/bin/tfm-ruby require 'apipie-bindings' org_name = "MyOrg" environments = [ "Development", "Testing", "Production" ] # Create an instance of apipie bindings @api = ApipieBindings::API.new({ :uri => 'https://satellite.example.com/', :username => 'admin', :password => 'changeme', :api_version => 2 }) # Performs an API call with default options def call_api(resource_name, action_name, params = {}) http_headers = {} apipie_options = { :skip_validation => true } @api.resource(resource_name).call(action_name, params, http_headers, apipie_options) end # Creates a hash with IDs mapping to names for an array of records def id_name_map(records) records.inject({}) do |map, record| map.update(record['id'] => record['name']) end end # Get list of existing organizations orgs = call_api(:organizations, :index) org_list = id_name_map(orgs['results']) if !org_list.has_value?(org_name) # If our organization is not found, create it puts "Creating organization: \t#{org_name}" org_id = call_api(:organizations, :create, {'organization' => { :name => org_name }})['id'] else # Our organization exists, so let's grab it org_id = org_list.key(org_name) puts "Organization \"#{org_name}\" exists" end # Get list of organization's life cycle environments envs = call_api(:lifecycle_environments, :index, {'organization_id' => org_id}) env_list = id_name_map(envs['results']) prior_env_id = env_list.key("Library") # Exit the script if at least one life cycle environment already exists environments.each do |e| if env_list.has_value?(e) puts "ERROR: One of the Environments is not unique to organization" exit end end # Create life cycle environments environments.each do |environment| puts "Creating environment: \t#{environment}" prior_env_id = call_api(:lifecycle_environments, :create, {"name" => environment, "organization_id" => org_id, "prior_id" => prior_env_id })['id'] end
4.3. API Requests with Python
This section outlines how to use Python with the Satellite API to perform various tasks.
These are example scripts and commands. Ensure you review these scripts carefully before use, and replace any variables, user names, passwords, and other information to suit your own deployment.
Example scripts in this section do not use SSL verification for interacting with the REST API.
4.3.1. Creating Objects Using Python
This script connects to the Red Hat Satellite 6 API and creates an organization, and then creates three environments in the organization. If the organization already exists, the script uses that organization. If any of the environments already exist in the organization, the script raises an error and quits.
Python 2 Example
#!/usr/bin/python import json import sys try: import requests except ImportError: print "Please install the python-requests module." sys.exit(-1) # URL to your Satellite 6 server URL = "https://satellite.example.com" # URL for the API to your deployed Satellite 6 server SAT_API = "%s/katello/api/v2/" % URL # Katello-specific API KATELLO_API = "%s/katello/api/" % URL POST_HEADERS = {'content-type': 'application/json'} # Default credentials to login to Satellite 6 USERNAME = "admin" PASSWORD = "changeme" # Ignore SSL for now SSL_VERIFY = False # Name of the organization to be either created or used ORG_NAME = "MyOrg" # Name for life cycle environments to be either created or used ENVIRONMENTS = ["Development", "Testing", "Production"] def get_json(location): """ Performs a GET using the passed URL location """ r = requests.get(location, auth=(USERNAME, PASSWORD), verify=SSL_VERIFY) return r.json() def post_json(location, json_data): """ Performs a POST and passes the data to the URL location """ result = requests.post( location, data=json_data, auth=(USERNAME, PASSWORD), verify=SSL_VERIFY, headers=POST_HEADERS) return result.json() def main(): """ Main routine that creates or re-uses an organization and life cycle environments. If life cycle environments already exist, exit out. """ # Check if our organization already exists org = get_json(SAT_API + "organizations/" + ORG_NAME) # If our organization is not found, create it if org.get('error', None): org_id = post_json( SAT_API + "organizations/", json.dumps({"name": ORG_NAME}))["id"] print "Creating organization: \t" + ORG_NAME else: # Our organization exists, so let's grab it org_id = org['id'] print "Organization '%s' exists." % ORG_NAME # Now, let's fetch all available life cycle environments for this org... envs = get_json( SAT_API + "organizations/" + str(org_id) + "/environments/") # ... and add them to a dictionary, with respective 'Prior' environment prior_env_id = 0 env_list = {} for env in envs['results']: env_list[env['id']] = env['name'] prior_env_id = env['id'] if env['name'] == "Library" else prior_env_id # Exit the script if at least one life cycle environment already exists if all(environment in env_list.values() for environment in ENVIRONMENTS): print "ERROR: One of the Environments is not unique to organization" sys.exit(-1) # Create life cycle environments for environment in ENVIRONMENTS: new_env_id = post_json( SAT_API + "organizations/" + str(org_id) + "/environments/", json.dumps( { "name": environment, "organization_id": org_id, "prior": prior_env_id} ))["id"] print "Creating environment: \t" + environment prior_env_id = new_env_id if __name__ == "__main__": main()
4.3.2. Requesting information from the API using Python
This is an example script that uses Python for various API requests.
Python 2 Example
#!/usr/bin/python import json import sys try: import requests except ImportError: print "Please install the python-requests module." sys.exit(-1) SAT_API = 'https://satellite.example.com/api/v2/' USERNAME = "admin" PASSWORD = "password" SSL_VERIFY = False # Ignore SSL for now def get_json(url): # Performs a GET using the passed URL location r = requests.get(url, auth=(USERNAME, PASSWORD), verify=SSL_VERIFY) return r.json() def get_results(url): jsn = get_json(url) if jsn.get('error'): print "Error: " + jsn['error']['message'] else: if jsn.get('results'): return jsn['results'] elif 'results' not in jsn: return jsn else: print "No results found" return None def display_all_results(url): results = get_results(url) if results: print json.dumps(results, indent=4, sort_keys=True) def display_info_for_hosts(url): hosts = get_results(url) if hosts: for host in hosts: print "ID: %-10d Name: %-30s IP: %-20s OS: %-30s" % (host['id'], host['name'], host['ip'], host['operatingsystem_name']) def main(): host = 'satellite.example.com' print "Displaying all info for host %s ..." % host display_all_results(SAT_API + 'hosts/' + host) print "Displaying all facts for host %s ..." % host display_all_results(SAT_API + 'hosts/%s/facts' % host) host_pattern = 'example' print "Displaying basic info for hosts matching pattern '%s'..." % host_pattern display_info_for_hosts(SAT_API + 'hosts?search=' + host_pattern) environment = 'production' print "Displaying basic info for hosts in environment %s..." % environment display_info_for_hosts(SAT_API + 'hosts?search=environment=' + environment) model = 'RHEV Hypervisor' print "Displaying basic info for hosts with model name %s..." % model display_info_for_hosts(SAT_API + 'hosts?search=model="' + model + '"') if __name__ == "__main__": main()
Python 3 Example
#!/usr/bin/env python3 import json import sys try: import requests except ImportError: print("Please install the python-requests module.") sys.exit(-1) SAT = "satellite.example.com" # URL for the API to your deployed Satellite 6 server SAT_API = f"https://{SAT}/api/" KATELLO_API = f"https://{SAT}/katello/api/v2/" POST_HEADERS = {'content-type': 'application/json'} # Default credentials to login to Satellite 6 USERNAME = "admin" PASSWORD = "password" # Ignore SSL for now SSL_VERIFY = False #SSL_VERIFY = "./path/to/CA-certificate.crt" # Put the path to your CA certificate here to allow SSL_VERIFY def get_json(url): # Performs a GET using the passed URL location r = requests.get(url, auth=(USERNAME, PASSWORD), verify=SSL_VERIFY) return r.json() def get_results(url): jsn = get_json(url) if jsn.get('error'): print("Error: " + jsn['error']['message']) else: if jsn.get('results'): return jsn['results'] elif 'results' not in jsn: return jsn else: print("No results found") return None def display_all_results(url): results = get_results(url) if results: print(json.dumps(results, indent=4, sort_keys=True)) def display_info_for_hosts(url): hosts = get_results(url) if hosts: print(f"{'ID':10}{'Name':40}{'IP':30}{'Operating System':30}") for host in hosts: print(f"{str(host['id']):10}{host['name']:40}{str(host['ip']):30}{str(host['operatingsystem_name']):30}") def display_info_for_subs(url): subs = get_results(url) if subs: print(f"{'ID':10}{'Name':90}{'Start Date':30}") for sub in subs: print(f"{str(sub['id']):10}{sub['name']:90}{str(sub['start_date']):30}") def main(): host = SAT print(f"Displaying all info for host {host} ...") display_all_results(SAT_API + 'hosts/' + host) print(f"Displaying all facts for host {host} ...") display_all_results(SAT_API + f'hosts/{host}/facts') host_pattern = 'example' print(f"Displaying basic info for hosts matching pattern '{host_pattern}'...") display_info_for_hosts(SAT_API + 'hosts?per_page=1&search=name~' + host_pattern) print(f"Displaying basic info for subscriptions") display_info_for_subs(KATELLO_API + 'subscriptions') environment = 'production' print(f"Displaying basic info for hosts in environment {environment}...") display_info_for_hosts(SAT_API + 'hosts?search=environment=' + environment) if __name__ == "__main__": main()
Chapter 5. Using the Red Hat Satellite API
This chapter provides a range of examples of how to use the Red Hat Satellite API to perform different tasks. You can use the API on Satellite Server via HTTPS on port 443, or on Capsule Server via HTTPS on port 8443.
You can address these different port requirements within the script itself. For example, in Ruby, you can specify the Satellite and Capsule URLs as follows:
url = 'https://satellite.example.com/api/v2/' capsule_url = 'https://capsule.example.com:8443/api/v2/' katello_url = 'https://satellite.example.com/katello/api/v2/'
For the host that is subscribed to Satellite Server or Capsule Server, you can determine the correct port required to access the API from the /etc/rhsm/rhsm.conf file, in the port entry of the [server]
section. You can use these values to fully automate your scripts, removing any need to verify which ports to use.
This chapter uses curl
for sending API requests. For more information, see Section 4.1, “API Requests with curl”.
Examples in this chapter use the Python json.tool
module to format the output.
5.1. Working with Hosts
Listing Hosts
This example returns a list of Satellite hosts.
Example request:
$ curl -request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts | python -m json.tool
Example response:
{ ... "total" => 2, "subtotal" => 2, "page" => 1, "per_page" => 1000, "search" => nil, "sort" => { "by" => nil, "order" => nil }, "results" => [ ... }
Requesting Information for a Host
This request returns information for the host satellite.example.com
.
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts/satellite.example.com \ | python -m json.tool
Example response:
{
"all_puppetclasses": [],
"architecture_id": 1,
"architecture_name": "x86_64",
"build": false,
"capabilities": [
"build"
],
"certname": "satellite.example.com",
"comment": null,
"compute_profile_id": null,
...
}
Listing Host Facts
This request returns all facts for the host satellite.example.com
.
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts/satellite.example.com/facts \ | python -m json.tool
Example response:
{
...
"results": {
"satellite.example.com": {
"augeasversion": "1.0.0",
"bios_release_date": "01/01/2007",
"bios_version": "0.5.1",
"blockdevice_sr0_size": "1073741312",
"facterversion": "1.7.6",
...
}
Searching for Hosts with Matching Patterns
This query returns all hosts that match the pattern "example".
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts?search=example \ | python -m json.tool
Example response:
{
...
"results": [
{
"name": "satellite.example.com",
...
}
],
"search": "example",
...
}
Searching for Hosts in an Environment
This query returns all hosts in the production
environment.
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts?search=environment=production \ | python -m json.tool
Example response:
{
...
"results": [
{
"environment_name": "production",
"name": "satellite.example.com",
...
}
],
"search": "environment=production",
...
}
Searching for Hosts with a Specific Fact Value
This query returns all hosts with a model name RHEV Hypervisor
.
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts?search=model=\"RHEV+Hypervisor\" \ | python -m json.tool
Example response:
{
...
"results": [
{
"model_id": 1,
"model_name": "RHEV Hypervisor",
"name": "satellite.example.com",
...
}
],
"search": "model=\"RHEV Hypervisor\"",
...
}
Deleting a Host
This request deletes a host with a name host1.example.com.
Example request:
$ curl --request DELETE --insecure --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts/host1.example.com \ | python -m json.tool
Downloading a Full Boot Disk Image
This request downloads a full boot disk image for a host by its ID.
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/bootdisk/api/hosts/host_ID?full=true \ --output image.iso
5.2. Working with Life Cycle Environments
Satellite divides application life cycles into life cycle environments, which represent each stage of the application life cycle. Life cycle environments are linked to from an environment path. To create linked life cycle environments with the API, use the prior_id
parameter.
You can find the built-in API reference for life cycle environments at https://satellite.example.com/apidoc/v2/lifecycle_environments.html
. The API routes include /katello/api/environments
and /katello/api/organizations/:organization_id/environments
.
Listing Life Cycle Environments
Use this API call to list all the current life cycle environments on your Satellite for the default organization with ID 1
.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request GET --user sat_username:sat_password --insecure \ https://satellite.example.com/katello/api/organizations/1/environments \ | python -m json.tool`
Example response:
output omitted "description": null, "id": 1, "label": "Library", "library": true, "name": "Library", "organization": { "id": 1, "label": "Default_Organization", "name": "Default Organization" }, "permissions": { "destroy_lifecycle_environments": false, "edit_lifecycle_environments": true, "promote_or_remove_content_views_to_environments": true, "view_lifecycle_environments": true }, "prior": null, "successor": null, output truncated
Creating Linked Life Cycle Environments
Use this example to create a path of life cycle environments.
This procedure uses the default Library environment with ID 1
as the starting point for creating life cycle environments.
Choose an existing life cycle environment that you want to use as a starting point. List the environment using its ID, in this case, the environment with ID
1
:Example request:
$ curl --request GET --user sat_username:sat_password --insecure \ https://satellite.example.com/katello/api/environments/1 \ | python -m json.tool
Example response:
output omitted "id": 1, "label": "Library", output omitted "prior": null, "successor": null, output truncated
Create a JSON file, for example,
life-cycle.json
, with the following content:{"organization_id":1,"label":"api-dev","name":"API Development","prior":1}
Create a life cycle environment using the
prior
option set to1
.Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request POST --user sat_username:sat_password --insecure \ --data @life-cycle.json \ https://satellite.example.com/katello/api/environments \ | python -m json.tool
Example response:
output omitted "description": null, "id": 2, "label": "api-dev", "library": false, "name": "API Development", "organization": { "id": 1, "label": "Default_Organization", "name": "Default Organization" }, "permissions": { "destroy_lifecycle_environments": true, "edit_lifecycle_environments": true, "promote_or_remove_content_views_to_environments": true, "view_lifecycle_environments": true }, "prior": { "id": 1, "name": "Library" }, output truncated
In the command output, you can see the ID for this life cycle environment is
2
, and the life cycle environment prior to this one is1
. Use the life cycle environment with ID2
to create a successor to this environment.Edit the previously created
life-cycle.json
file, updating thelabel
,name
, andprior
values.{"organization_id":1,"label":"api-qa","name":"API QA","prior":2}
Create a life cycle environment, using the
prior
option set to2
.Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request POST --user sat_username:sat_password --insecure \ --data @life-cycle.json \ https://satellite.example.com/katello/api/environments \ | python -m json.tool
Example response:
output omitted "description": null, "id": 3, "label": "api-qa", "library": false, "name": "API QA", "organization": { "id": 1, "label": "Default_Organization", "name": "Default Organization" }, "permissions": { "destroy_lifecycle_environments": true, "edit_lifecycle_environments": true, "promote_or_remove_content_views_to_environments": true, "view_lifecycle_environments": true }, "prior": { "id": 2, "name": "API Development" }, "successor": null, output truncated
In the command output, you can see the ID for this life cycle environment is
3
, and the life cycle environment prior to this one is2
.
Updating a Life Cycle Environment
You can update a life cycle environment using a PUT command.
This example request updates a description of the life cycle environment with ID 3
.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request POST --user sat_username:sat_password --insecure \ --data '{"description":"Quality Acceptance Testing"}' \ https://satellite.example.com/katello/api/environments/3 \ | python -m json.tool
Example response:
output omitted "description": "Quality Acceptance Testing", "id": 3, "label": "api-qa", "library": false, "name": "API QA", "organization": { "id": 1, "label": "Default_Organization", "name": "Default Organization" }, "permissions": { "destroy_lifecycle_environments": true, "edit_lifecycle_environments": true, "promote_or_remove_content_views_to_environments": true, "view_lifecycle_environments": true }, "prior": { "id": 2, "name": "API Development" }, output truncated
Deleting a Life Cycle Environment
You can delete a life cycle environment provided it has no successor. Therefore, delete them in reverse order using a command in the following format:
Example request:
$ curl --request DELETE --user sat_username:sat_password --insecure \ https://satellite.example.com/katello/api/environments/:id
5.3. Uploading Content to the Satellite Server
This section outlines how to use the Satellite 6 API to upload and import large files to your Satellite Server. This process involves four steps:
- Create an upload request.
- Upload the content.
- Import the content.
- Delete the upload request.
The maximum file size that you can upload is 2MB. For information about uploading larger content, see Uploading Content Larger than 2 MB.
Procedure
Create the upload request. Ensure you modify the example parameters to suit your deployment.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request POST --insecure \ --user sat_username:sat_password --data "{}" \ https://satellite.example.com/katello/api/repositories/3/content_uploads
This command returns the
upload_id
.Example response:
{"upload_id":"0be156b1-f373-4cad-89d0-924f8f4491d2","_href":"/pulp/api/v2/content/uploads/0be156b1-f373-4cad-89d0-924f8f4491d2/"}
Note the
upload_id
for uploading the content.Upload your content. Ensure you use the correct MIME type when you upload data. The API uses the
application/json
MIME type for the majority of requests to Satellite 6. Combine theupload_id
, MIME type, and other parameters to upload content.Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:multipart/form-data" \ --request PUT --insecure --user sat_username:sat_password \ --data-urlencode "content@/home/sat6user/rpmbuild/RPMS/noarch/python-scripttest-1.1.1-1.fc21.noarch.rpm" \ --data-urlencode offset=0 \ https://satellite.example.com/katello/api/repositories/3/content_uploads/0be156b1-f373-4cad-89d0-924f8f4491d2
After you have uploaded the content to the Satellite Server, you need to import it into the appropriate repository. Until you complete this step, the Satellite Server does not detect the new content.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request PUT --insecure \ --user sat_username:sat_password \ --data "{\"uploads\":[\"0be156b1-f373-4cad-89d0-924f8f4491d2\"]}" \ https://satellite.example.com/katello/api/repositories/3/import_uploads
After you have successfully uploaded and imported your content, you can delete the upload request. This frees any temporary disk space that data is using during the upload.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request DELETE --insecure \ --user sat_username:sat_password --data "{}" \ https://satellite.example.com/katello/api/repositories/3/content_uploads/0be156b1-f373-4cad-89d0-924f8f4491d2
Uploading Content Larger than 2 MB
The following example demonstrates how to split a large file into chunks, create an upload request, upload the individual files, import them to Satellite, and then delete the upload request. Note that this example uses sample content, host names, user names, and file names.
Use the following example to split your file into 2MB chunks:
$ split --bytes 2MB --numeric-suffixes --suffix-length=1 \ theforeman-foreman-5.0.1.tar.gz foreman_module.
View the resulting files:
$ ls -la theforeman-foreman-5.0.1.tar.gz foreman_module.* -rw-r--r--. 1 root root 50000 Nov 4 04:42 foreman_module.0 -rw-r--r--. 1 root root 32928 Nov 4 04:42 foreman_module.1 -rw-r--r--. 1 root root 82928 Nov 4 04:41 theforeman-foreman-5.0.1.tar.gz
Create an upload request.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request POST --insecure --user sat_username:sat_password --data "{}" \ https://ibm-vm01.example.com/katello/api/repositories/2/content_uploads
Example response:
{"upload_id":"9585528f-07ad-4bb1-9c80-ccece249b2b7","_href":"/pulp/api/v2/content/uploads/9585528f-07ad-4bb1-9c80-ccece249b2b7/"}
Note the
upload_id
for uploading the content.Upload the file chunks to Satellite Server. Notice the use of the
offset
parameter in this example and how it relates to the file size:Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:multipart/form-data" \ --request PUT --insecure --user sat_username:sat_password \ --data-urlencode "content@foreman_module.0" \ --data-urlencode offset=0 \ https://ibm-vm01.example.com/katello/api/repositories/2/content_uploads/9585528f-07ad-4bb1-9c80-ccece249b2b7
Import the complete upload to the repository:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request PUT --insecure --user sat_username:sat_password \ --data "{\"upload_ids\":[\"9585528f-07ad-4bb1-9c80-ccece249b2b7\"]}" \ https://ibm-vm01.example.com/katello/api/repositories/2/import_uploads
Delete the upload request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request DELETE --insecure --user sat_username:sat_password --data "{}" \ https://ibm-vm01.example.com/katello/api/repositories/2/content_uploads/9585528f-07ad-4bb1-9c80-ccece249b2b7
On Satellite Server, check the transferred file:
# ls -la /var/lib/pulp/content/puppet_module/theforeman-foreman-5.0.1.tar.gz -rw-r--r--. 1 apache apache 82928 Nov 4 04:55 /var/lib/pulp/content/puppet_module/theforeman-foreman-5.0.1.tar.gz
Verify that the initial file is the same as the transferred by comparing them:
$ cmp /var/lib/pulp/content/puppet_module/theforeman-foreman-5.0.1.tar.gz \ theforeman-foreman-5.0.1.tar.gz
5.4. Applying Errata to a Host or Host Collection
You can use the API to apply errata to a host, host group, or host collection. The following is the basic syntax of a PUT request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request PUT \ --user sat_username:sat_password --insecure \ --data json-formatted-data https://satellite7.example.com
You can browse the built in API doc to find a URL to use for applying Errata. You can use the Satellite web UI to help discover the format for the search query. Navigate to Hosts > Host Collections and select a host collection. Go to Collection Actions > Errata Installation and notice the search query box contents. For example, for a Host Collection called my-collection, the search box contains host_collection="my-collection"
.
Applying Errata to a Host
This example uses the API URL for bulk actions /katello/api/hosts/bulk/install_content
to show the format required for a simple search.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request PUT \ --user sat_username:sat_password --insecure \ --data "{\"organization_id\":1,\"included\":{\"search\":\"my-host\"},\"content_type\":\"errata\",\"content\":[\"RHBA-2016:1981\"]}" \ https://satellite.example.com/api/v2/hosts/bulk/install_content
Applying Errata to a Host Collection
In this example, notice the level of escaping required to pass the search string host_collection="my-collection"
as seen in the Satellite web UI.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request PUT \ --user sat_username:sat_password --insecure \ --data "{\"organization_id\":1,\"included\":{\"search\":\"host_collection=\\\"my-collection\\\"\"},\"content_type\":\"errata\",\"content\":[\"RHBA-2016:1981\"]}" \ https://satellite.example.com/api/v2/hosts/bulk/install_content
5.5. Using Extended Searches
You can find search parameters that you can use to build your search queries in the web UI. For more information, see Building Search Queries in Administering Red Hat Satellite.
For example, to search for hosts, complete the following steps:
- In the Satellite web UI, navigate to Hosts > All Hosts and click the Search field to display a list of search parameters.
- Locate the search parameters that you want to use. For this example, locate os_title and model.
Combine the search parameters in your API query as follows:
Example request:
$ curl --insecure --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts?search=os_title=\"RedHat+7.7\",model=\"PowerEdge+R330\" \ | python -m json.tool
Example response:
{ ... "results": [ { "model_id": 1, "model_name": "PowerEdge R330", "name": "satellite.example.com", "operatingsystem_id": 1, "operatingsystem_name": "RedHat 7.7", ... } ], "search": "os_title=\"RedHat 7.7\",model=\"PowerEdge R330\"", "subtotal": 1, "total": 11 }
5.6. Using Searches with Pagination Control
You can use the per_page
and page
pagination parameters to limit the search results that an API search query returns. The per_page
parameter specifies the number of results per page and the page
parameter specifies which page, as calculated by the per_page
parameter, to return.
The default number of items to return is set to 1000 when you do not specify any pagination parameters, but the per_page
value has a default of 20 which applies when you specify the page
parameter.
Listing Content Views
This example returns a list of Content Views in pages. The list contains 10 keys per page and returns the third page.
Example request:
$ curl --request GET --user sat_username:sat_password \
https://satellite.example.com/katello/api/content_views?per_page=10&page=3
Listing Activation Keys
This example returns a list of activation keys for an organization with ID 1
in pages. The list contains 30 keys per page and returns the second page.
Example request:
$ curl --request GET --user sat_username:sat_password \
https://satellite.example.com/katello/api/activation_keys?organization_id=1&per_page=30&page=2
Returning Multiple Pages
You can use a for
loop structure to get multiple pages of results.
This example returns pages 1 to 3 of Content Views with 5 results per page:
$ for i in seq 1 3
; do \
curl --request GET --user sat_username:sat_password \
https://satellite.example.com/katello/api/content_views?per_page=5&page=$i; \
done
5.7. Overriding Smart Class Parameters
You can search for Smart Parameters using the API and supply a value to override a Smart Parameter in a Class. You can find the full list of attributes that you can modify in the built-in API reference at https://satellite.example.com/apidoc/v2/smart_class_parameters/update.html
.
Find the ID of the Smart Class parameter you want to change:
List all Smart Class Parameters.
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/smart_class_parameters
If you know the Puppet class ID, for example 5, you can restrict the scope:
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/puppetclasses/5/smart_class_parameters
Both calls accept a search parameter. You can view the full list of searchable fields in the Satellite web UI. Navigate to Configure > Smart variables and click in the search query box to reveal the list of fields.
Two particularly useful search parameters are
puppetclass_name
andkey
, which you can use to search for a specific parameter. For example, using the--data
option to pass URL encoded data.Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ --data 'search=puppetclass_name = access_insights_client and key = authmethod' \ https://satellite.example.com/api/smart_class_parameters
Satellite supports standard scoped-search syntax.
When you find the ID of the parameter, list the full details including current override values.
Example request:
$ curl --request GET --insecure --user sat_username:sat_password \ https://satellite.example.com/api/smart_class_parameters/63
Enable overriding of parameter values.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request PUT --insecure --user sat_username:sat_password \ --data '{"smart_class_parameter":{"override":true}}' \ https://satellite.example.com/api/smart_class_parameters/63
Note that you cannot create or delete the parameters manually. You can only modify their attributes. Satellite creates and deletes parameters only upon class import from a proxy.
Add custom override matchers.
Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request PUT --insecure --user sat_username:sat_password \ --data '{"smart_class_parameter":{"override_value":{"match":"hostgroup=Test","value":"2.4.6"}}}' \ https://satellite.example.com/api/smart_class_parameters/63
For more information about override values, see
https://satellite.example.com/apidoc/v2/override_values.html
.You can delete override values.
Example request:
$ curl --request DELETE --user sat_username:sat_password \ https://satellite.example.com/api/smart_class_parameters/63/override_values/3
5.8. Modifying a Smart Class Parameter Using an External File
Using external files simplifies working with JSON data. Using an editor with syntax highlighting can help you avoid and locate mistakes.
Modifying a Smart Class Parameter Using an External File
This example uses a MOTD Puppet manifest.
Search for the Puppet Class by name,
motd
in this case.Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request GET --user sat_user:sat_password --insecure \ https://satellite.example.com/api/smart_class_parameters?search=puppetclass_name=motd \ | python -m json.tool
Examine the following output. Each Smart Class Parameter has an ID that is global for the same Satellite instance. The
content
parameter of themotd
class hasid=3
in this Satellite Server. Do not confuse this with the Puppet Class ID that displays before the Puppet Class name.Example response:
{ "avoid_duplicates": false, "created_at": "2017-02-06 12:37:48 UTC", # Remove this line. "default_value": "", # Add a new value here. "description": "", "hidden_value": "", "hidden_value?": false, "id": 3, "merge_default": false, "merge_overrides": false, "override": false, # Set the override value to
true
. "override_value_order": "fqdn\nhostgroup\nos\ndomain", "override_values": [], # Remove this line. "override_values_count": 0, "parameter": "content", "parameter_type": "string", "puppetclass_id": 3, "puppetclass_name": "motd", "required": false, "updated_at": "2017-02-07 11:56:55 UTC", # Remove this line. "use_puppet_default": false, "validator_rule": null, "validator_type": "" }Use the parameter ID
3
to get the information specific to themotd
parameter and redirect the output to a file, for example, output_file.json.Example request:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" --request GET \ --user sat_user:sat_password --insecure \` https://satellite.example.com/api/smart_class_parameters/3 \ | python -m json.tool > output_file.json
Copy the file created in the previous step to a new file for editing, for example,
changed_file.json
:$ cp output_file.json changed_file.json
Modify the required values in the file. In this example, change the content parameter of the
motd
module, which requires changing theoverride
option fromfalse
totrue
:{ "avoid_duplicates": false, "created_at": "2017-02-06 12:37:48 UTC", # Remove this line. "default_value": "", # Add a new value here. "description": "", "hidden_value": "", "hidden_value?": false, "id": 3, "merge_default": false, "merge_overrides": false, "override": false, # Set the override value to
true
. "override_value_order": "fqdn\nhostgroup\nos\ndomain", "override_values": [], # Remove this line. "override_values_count": 0, "parameter": "content", "parameter_type": "string", "puppetclass_id": 3, "puppetclass_name": "motd", "required": false, "updated_at": "2017-02-07 11:56:55 UTC", # Remove this line. "use_puppet_default": false, "validator_rule": null, "validator_type": "" }After editing the file, verify that it looks as follows and then save the changes:
{ "avoid_duplicates": false, "default_value": "No Unauthorized Access Allowed", "description": "", "hidden_value": "", "hidden_value?": false, "id": 3, "merge_default": false, "merge_overrides": false, "override": true, "override_value_order": "fqdn\nhostgroup\nos\ndomain", "override_values_count": 0, "parameter": "content", "parameter_type": "string", "puppetclass_id": 3, "puppetclass_name": "motd", "required": false, "use_puppet_default": false, "validator_rule": null, "validator_type": "" }
Apply the changes to Satellite Server:
$ curl --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request PUT --user sat_username:sat_password --insecure \ --data @changed_file.json \ https://satellite.example.com/api/smart_class_parameters/3
5.9. Deleting OpenSCAP reports
In Satellite Server, you can delete one or more OpenSCAP reports. However, when you delete reports, you must delete one page at a time. If you want to delete all Openscap reports, use the bash script that follows.
Deleting an OpenSCAP Report
To delete an OpenSCAP report, complete the following steps:
List all OpenSCAP reports. Note the IDs of the reports that you want to delete.
Example request:
curl --insecure --user username:_password_ \ https://satellite.example.com/api/v2/compliance/arf_reports/ | python -m json.tool
Example response:
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3252 0 3252 0 0 4319 0 --:--:-- --:--:-- --:--:-- 4318 { "page": 1, "per_page": 20, "results": [ { "created_at": "2017-05-16 13:27:09 UTC", "failed": 0, "host": "host1.example.com", "id": 404, "othered": 0, "passed": 0, "updated_at": "2017-05-16 13:27:09 UTC" }, { "created_at": "2017-05-16 13:26:07 UTC", "failed": 0, "host": "host2.example.com, "id": 405, "othered": 0, "passed": 0, "updated_at": "2017-05-16 13:26:07 UTC" }, { "created_at": "2017-05-16 13:25:07 UTC", "failed": 0, "host": "host3.example.com", "id": 406, "othered": 0, "passed": 0, "updated_at": "2017-05-16 13:25:07 UTC" }, { "created_at": "2017-05-16 13:24:07 UTC", "failed": 0, "host": "host4.example.com", "id": 407, "othered": 0, "passed": 0, "updated_at": "2017-05-16 13:24:07 UTC" }, ], "search": null, "sort": { "by": null, "order": null }, "subtotal": 29, "total": 29
Using an ID from the previous step, delete the OpenSCAP report. Repeat for each ID that you want to delete.
Example request:
# curl --insecure --user username:_password_ \ --header "Content-Type: application/json" \ --request DELETE https://satellite.example.com/api/v2/compliance/arf_reports/405
Example response:
HTTP/1.1 200 OK Date: Thu, 18 May 2017 07:14:36 GMT Server: Apache/2.4.6 (Red Hat Enterprise Linux) X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Foreman_version: 1.11.0.76 Foreman_api_version: 2 Apipie-Checksum: 2d39dc59aed19120d2359f7515e10d76 Cache-Control: max-age=0, private, must-revalidate X-Request-Id: f47eb877-35c7-41fe-b866-34274b56c506 X-Runtime: 0.661831 X-Powered-By: Phusion Passenger 4.0.18 Set-Cookie: request_method=DELETE; path=/ Set-Cookie: _session_id=d58fe2649e6788b87f46eabf8a461edd; path=/; secure; HttpOnly ETag: "2574955fc0afc47cb5394ce95553f428" Status: 200 OK Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
Example BASH Script to Delete All OpenSCAP Reports
Use the following bash script to delete all the OpenSCAP reports:
#!/bin/bash #this script removes all the arf reports from the satellite server #settings USER=username PASS=password URI=https://satellite.example.com #check amount of reports while [ $(curl --insecure --user $USER:$PASS $URI/api/v2/compliance/arf_reports/ | python -m json.tool | grep \"\total\": | cut --fields=2 --delimiter":" | cut --fields=1 --delimiter"," | sed "s/ //g") -gt 0 ]; do #fetch reports for i in $(curl --insecure --user $USER:$PASS $URI/api/v2/compliance/arf_reports/ | python -m json.tool | grep \"\id\": | cut --fields=2 --delimiter":" | cut --fields=1 --delimiter"," | sed "s/ //g") #delete reports do curl --insecure --user $USER:$PASS --header "Content-Type: application/json" --request DELETE $URI/api/v2/compliance/arf_reports/$i done done
Appendix A. API Response Codes
The Red Hat Satellite 6 API provides HTTP response status codes for API calls. The following codes are common for all resources in the Satellite API.
Response | Explanation |
---|---|
200 OK | For a successful request action: show, index, update, or delete (GET, PUT, DELETE requests). |
201 Created | For a successful create action (POST request). |
301 Moved Permanently | Redirect when Satellite is restricted to use HTTPS and HTTP is attempted. |
400 Bad Request | A required parameter is missing or the search query has invalid syntax. |
401 Unauthorized | Failed to authorize the user (for example, incorrect credentials). |
403 Forbidden | The user has insufficient permissions to perform the action or read the resource, or the action is unsupported in general. |
404 Not Found | The record with the given ID does not exist. It can appear in show and delete actions when the requested record does not exist; or in create, update and delete actions when one of the associated records does not exist. |
409 Conflict | Could not delete the record due to existing dependencies (for example, host groups with hosts). |
415 Unsupported Media Type | The content type of the HTTP request is not JSON. |
422 Unprocessable Entity | Failed to create an entity due to some validation errors. Applies to create or update actions only. |
500 Internal Server Error | Unexpected internal server error. |
503 Service Unavailable | The server is not running. |
Appendix B. API Permissions Matrix
The Red Hat Satellite 6 API supports numerous actions, many of which require specific permissions. The following table lists the API permission names, the actions associated with those permissions, and the associated resource type.
Permission Name | Actions | Resource Type |
---|---|---|
view_activation_keys |
| Katello::ActivationKey |
create_activation_keys |
| Katello::ActivationKey |
edit_activation_keys |
| Katello::ActivationKey |
destroy_activation_keys |
| Katello::ActivationKey |
logout |
| |
view_architectures |
| |
create_architectures |
| |
edit_architectures |
| |
destroy_architectures |
| |
view_audit_logs |
| |
view_authenticators |
| |
create_authenticators |
| |
edit_authenticators |
| |
destroy_authenticators |
| |
view_bookmarks |
| |
create_bookmarks |
| |
edit_bookmarks |
| |
destroy_bookmarks |
| |
download_bootdisk |
| |
manage_capsule_content |
| SmartProxy |
view_capsule_content |
| SmartProxy |
view_compute_profiles |
| |
create_compute_profiles |
| |
edit_compute_profiles |
| |
destroy_compute_profiles |
| |
view_compute_resources |
| |
create_compute_resources |
| |
edit_compute_resources |
| |
destroy_compute_resources |
| |
view_compute_resources_vms |
| |
create_compute_resources_vms |
| |
edit_compute_resources_vms |
| |
destroy_compute_resources_vms |
| |
power_compute_resources_vms |
| |
console_compute_resources_vms |
| |
view_config_groups |
| |
create_config_groups |
| |
edit_config_groups |
| |
destroy_config_groups |
| |
view_config_reports |
| |
destroy_config_reports |
| |
upload_config_reports |
| |
view_containers |
| Container |
commit_containers |
| Container |
create_containers |
| Container |
destroy_containers |
| Container |
power_compute_resources_vms |
| ComputeResource |
view_content_hosts |
| Katello::System |
create_content_hosts |
| Katello::System |
edit_content_hosts |
| Katello::System |
destroy_content_hosts |
| Katello::System |
view_content_views |
| Katello::ContentView |
create_content_views |
| Katello::ContentView |
edit_content_views |
| Katello::ContentView |
destroy_content_views |
| Katello::ContentView |
publish_content_views |
| Katello::ContentView |
promote_or_remove_content_views |
| Katello::ContentView |
export_content_views |
| Katello::ContentView |
access_dashboard |
| |
view_discovered_hosts |
| Host |
submit_discovered_hosts |
| Host |
auto_provision_discovered_hosts |
| Host |
provision_discovered_hosts |
| Host |
edit_discovered_hosts |
| Host |
destroy_discovered_hosts |
| Host |
view_discovery_rules |
| DiscoveryRule |
create_discovery_rules |
| DiscoveryRule |
edit_discovery_rules |
| DiscoveryRule |
execute_discovery_rules |
| DiscoveryRule |
destroy_discovery_rules |
| DiscoveryRule |
view_domains |
| |
create_domains |
| |
edit_domains |
| |
destroy_domains |
| |
view_environments |
| |
create_environments |
| |
edit_environments |
| |
destroy_environments |
| |
import_environments |
| |
view_external_usergroups |
| |
create_external_usergroups |
| |
edit_external_usergroups |
| |
destroy_external_usergroups |
| |
view_external_variables |
| |
create_external_variables |
| |
edit_external_variables |
| |
destroy_external_variables |
| |
view_facts |
| |
upload_facts |
| |
view_filters |
| |
create_filters |
| |
edit_filters |
| |
destroy_filters |
| |
view_arf_reports |
| |
destroy_arf_reports |
| |
create_arf_reports |
| |
view_policies |
| ForemanOpenscap::Policy |
edit_policies |
| ForemanOpenscap::Policy |
create_policies |
| ForemanOpenscap::Policy |
destroy_policies |
| ForemanOpenscap::Policy |
assign_policies |
| ForemanOpenscap::Policy |
view_scap_contents |
| ForemanOpenscap::ScapContent |
view_scap_contents |
| ForemanOpenscap::ScapContent |
edit_scap_contents |
| ForemanOpenscap::ScapContent |
create_scap_contents |
| ForemanOpenscap::ScapContent |
destroy_scap_contents |
| ForemanOpenscap::ScapContent |
edit_hosts |
| Host |
edit_hostgroups |
| Host |
view_job_templates |
| JobTemplate |
create_job_templates |
| JobTemplate |
edit_job_templates |
| |
edit_job_templates |
| |
edit_remote_execution_features |
| RemoteExecutionFeature |
destroy_job_templates |
| JobTemplate |
lock_job_templates |
| JobTemplate |
create_job_invocations |
| JobInvocation |
view_job_invocations |
| JobInvocation |
execute_template_invocation | TemplateInvocation | |
filter_autocompletion_for_template_invocation |
| TemplateInvocation |
view_foreman_tasks |
| ForemanTasks::Task |
edit_foreman_tasks |
| ForemanTasks::Task |
create_recurring_logics | ForemanTasks::RecurringLogic | |
view_recurring_logics |
| ForemanTasks::RecurringLogic |
edit_recurring_logics |
| ForemanTasks::RecurringLogic |
view_globals |
| |
create_globals |
| |
edit_globals |
| |
destroy_globals |
| |
view_gpg_keys |
| Katello::GpgKey |
create_gpg_keys |
| Katello::GpgKey |
edit_gpg_keys |
| Katello::GpgKey |
destroy_gpg_keys |
| Katello::GpgKey |
view_host_collections |
| Katello::HostCollection |
create_host_collections |
| Katello::HostCollection |
edit_host_collections |
| Katello::HostCollection |
destroy_host_collections |
| Katello::HostCollection |
edit_classes |
| |
create_params |
| |
edit_params |
| |
destroy_params |
| |
view_hostgroups |
| |
create_hostgroups |
| |
edit_hostgroups |
| |
destroy_hostgroups |
| |
view_hosts |
| |
create_hosts |
| |
edit_hosts |
| |
destroy_hosts |
| |
build_hosts |
| |
power_hosts |
| |
console_hosts |
| |
ipmi_boot |
| |
puppetrun_hosts |
| |
search_repository_image_search |
| Docker/ImageSearch |
view_images |
| |
create_images |
| |
edit_images |
| |
destroy_images |
| |
view_lifecycle_environments |
| Katello::KTEnvironment |
create_lifecycle_environments |
| Katello::KTEnvironment |
edit_lifecycle_environments |
| Katello::KTEnvironment |
destroy_lifecycle_environments |
| Katello::KTEnvironment |
promote_or_remove_content_views_to_environments | Katello::KTEnvironment | |
view_locations |
| |
create_locations |
| |
edit_locations |
| |
destroy_locations |
| |
assign_locations |
| |
view_mail_notifications |
| |
view_media |
| |
create_media |
| |
edit_media |
| |
destroy_media |
| |
view_models |
| |
create_models |
| |
edit_models |
| |
destroy_models |
| |
view_operatingsystems |
| |
create_operatingsystems |
| |
edit_operatingsystems |
| |
destroy_operatingsystems |
| |
view_organizations |
| |
create_organizations |
| |
edit_organizations |
| |
destroy_organizations |
| |
assign_organizations |
| |
view_ptables |
| |
create_ptables |
| |
edit_ptables |
| |
destroy_ptables |
| |
lock_ptables |
| |
view_plugins |
| |
view_products |
| Katello::Product |
create_products |
| Katello::Product |
edit_products |
| Katello::Product |
destroy_products |
| Katello::Product |
sync_products |
| Katello::Product |
export_products |
| Katello::Product |
view_provisioning_templates |
| |
create_provisioning_templates |
| |
edit_provisioning_templates |
| |
destroy_provisioning_templates |
| |
deploy_provisioning_templates |
| |
lock_provisioning_templates |
| |
user_logout |
| |
my_account |
| |
api_status |
| |
view_puppetclasses |
| |
create_puppetclasses |
| |
edit_puppetclasses |
| |
destroy_puppetclasses |
| |
import_puppetclasses |
| |
view_realms |
| |
create_realms |
| |
edit_realms |
| |
destroy_realms |
| |
view_search |
| |
view_cases |
| |
attachments |
| |
configuration |
| |
app_root |
| |
view_log_viewer |
| |
logs |
| |
rh_telemetry_api |
| |
rh_telemetry_view |
| |
rh_telemetry_configurations |
| |
view_roles |
| |
create_roles |
| |
edit_roles |
| |
destroy_roles |
| |
access_settings |
| |
view_smart_proxies |
| |
create_smart_proxies |
| |
edit_smart_proxies |
| |
destroy_smart_proxies |
| |
view_smart_proxies_autosign |
| |
create_smart_proxies_autosign |
| |
destroy_smart_proxies_autosign |
| |
view_smart_proxies_puppetca |
| |
edit_smart_proxies_puppetca |
| |
destroy_smart_proxies_puppetca |
| |
view_subnets |
| |
create_subnets |
| |
edit_subnets |
| |
destroy_subnets |
| |
import_subnets |
| |
view_subscriptions |
| Organization |
attach_subscriptions |
| Organization |
unattach_subscriptions |
| Organization |
import_manifest |
| Organization |
delete_manifest |
| Organization |
view_sync_plans |
| Katello::SyncPlan |
create_sync_plans |
| Katello::SyncPlan |
edit_sync_plans |
| Katello::SyncPlan |
destroy_sync_plans |
| Katello::SyncPlan |
my_organizations |
| |
view_usergroups |
| |
create_usergroups |
| |
edit_usergroups |
| |
destroy_usergroups |
| |
view_users |
| |
create_users |
| |
edit_users |
| |
destroy_users |
|