CPS vDRA Interfaces And APIs
CPS vDRA includes various application APIs to configure and manage the application.
CRD REST API
Purpose
The Custom Reference Data (CRD) REST API enables the query of creation, deletion, and update of CRD table data without the need to access the Control Center GUI. The CRD APIs are available using an HTTP REST interface.
URL and Port
https:// <master ip or control node >:443/custrefdata
Protocol
HTTPS
Accounts and Roles
Security for the CRD REST API is accomplished by using HTTP basic authentication to support read-only and read-write access to the CRD REST API.
Assigning a Read-Only UserUse the nacm groups group command to assign the user to the "crd-read-only" group.
For Example, nacm groups group crd-read-only user-name oper
Grafana
Purpose
Grafana is a metrics dashboard and graph editor used to display graphical representations of system, application KPIs, bulkstats of various CPS components.
Note |
After the DRA Director (DD) failover/reboot, the TPS values in Grafana dashboards takes approx. 5 minutes to fetch and display the latest updated values. Until the values are updated, Grafana displays the old data. |
URL and Port
https:// <master ip or control node >:443/grafana
Protocol
HTTPS
Accounts and Roles
For more information on adding or deleting these user accounts, refer to the Prometheus and Grafana chapter in this guide.
JMX Interface
Purpose
Java Management Extension (JMX) interface can be used for managing and monitoring applications and system objects.
Resources to be managed or monitored are represented by objects called managed beans (mbeans). MBean represents a resource running in JVM and external applications can interact with mbeans through the use of JMX connectors and protocol adapters for collecting statistics (pull), for getting/setting application configurations (push/pull), and notifying events like faults or state changes(push).
CLI Access
-
Run docker connect container-id.
-
Run the jmxterm command from the CLI prompt to bring up the jmx terminal
Port
All applications run on port 9045.
This port is not exposed externally.
Accounts and Roles
Not applicable.
OSGi Console
Purpose
CPS is based on Open Service Gateway initiative (OSGi) and OSGi console is a command-line shell which can be used for analyzing problems at OSGi layer of the application. It may become necessary to connect to the OSGi console to execute specific commands. These commands are not documented in this guide but the connection process is described below.
CLI Access
-
Run the command docker connect container-id.
-
telnet <ip> <port>
Ports
All applications run on port 9091 within the executing container.
This port is not exposed externally.
Accounts and Roles
Not applicable.
Policy Builder GUI
Purpose
Policy Builder is the alternative web-based client interface for the configuration of the Cisco Policy Suite.
URL and Port
https://<master or control ip>/pb
Protocol
HTTPS
Accounts and Roles
Assigning a Read-Only UserIt is not necessary to assign a read-only role. Any valid user that can login will have read-only access.
Assigning a Read-Write User
Use the nacm groups group command to assign the user to the "policy-admin" group.
For example, nacm groups group policy-admin user-name admin
DRA Central GUI
Purpose
DRA Central is the primary web-based client interface for the configuration and operational control of the CPS vDRA.
URL and Port
https://<master or control ip>/central/dra/
Protocol
HTTPS
Accounts and Roles
Assigning a Read-Only User
Use the nacm groups group command to assign the user to the "policy-ro" group.
Assigning a Read-Write User
Use the nacm groups group command to assign the user to the "policy-admin" group.
For example:
nacm groups
group policy-admin user-name admin
SVN Interface
Apache ™ Subversion (SVN) is the versioning and revision control system used within CPS. It maintains all the CPS policy configurations and has repositories in which files can be created, updated and deleted. SVN maintains the file difference each time any change is made to a file on the server and for each change it generates a revision number.
In general, most interactions with SVN are performed via Policy Builder.
CLI Access
From a remote machine with the SVN client installed, use the following command to access SVN:
Access all files from the server as follows:
svn checkout --username <username> --password <password> <SVN Repository URL> <Local Path>
Example:
svn checkout --username admin --password admin https://<master ip or control ip>/repos/
If <Local Path>is not provided, files are checked out to the current directory.
Check-in the changed files to the server as follows:
svn commit --username <username> --password <password> <Local Path> -m “modified config”
Example:
svn commit --username broadhop --password broadhop /root/configuration -m “modified config”
Update local copy to latest from SVN:
svn update <Local Path>
Example:
svn update /root/configuration/
Check current revision of files:
svn info <Local Path>
Example:
svn info /root/configuration/
Use svn --help for a list of other commands.
Protocol
HTTPS
URL and Port
https://<master or control ip>/repos/
Accounts and Roles
Assigning a Read-Only User
It is not necessary to assign a read-only role. Any valid user that can login will have read-only access.
Assigning a Read-Write User
Use the nacm groups group command to assign the user to the "policy-admin" group.
For example, nacm groups group policy-admin user-name admin