Add / update / delete servers through ezeelogin API
How to add/delete/update servers in GUI using Ezeelogin API
An API script is provided for automating server add/edit/delete tasks in Ezeelogin. With the help of this script, you can integrate Ezeelogin with any 3rd party application managing your clients/customers. Also, make sure to enable API.
The API script can be executed as:
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php [params...]
For Help
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php -help
Usage:
ezwapi.php -help <action>
action : API action (add_server/update_server/remove_server/reset_fingerprint/add_user_server_acl)
1. Add Server
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php -help add_server
Usage:
ezwapi.php add_server -api_url <API URL> -secret <API secret> -name <hostname> -description <description> -password <password> -ip_address <IP address> -group <group> [-ssh_port <port>] [-ssh_user <username>] [-keep_password <Y/N/S>]
[-enable_ssh <Y/N/H>] [-cp <control panel>]
-api_url : The API URL
-secret : The API secret configured in web panel settings
-name : The server host name
-description : A description for the server
-password : The server password
-ssh_key : The SSH private key file (optional)
-passphrase : The SSH key pass phrase (optional)
-ip_address : The server IP address
-ssh_port : The server SSH port (optional, use default if unspecified)
-ssh_user : The server SSH user (optional, use default if unspecified)
-switch_user : Switch to this user after login as SSH user (optional)
-switch_pass : Password for switch user (optional)
-switch_sudo : Y or N or E to escalate privilege with 'sudo su' or 'enable' (for Cisco devices) (optional, default: N = disabled)
-prompt1 : Unique string in shell prompt of SSH user (optional)
-prompt2 : Unique string in password prompt for su or sudo (optional, default: Password:)
-prompt3 : Unique string in shell prompt of root user (optional, required for sudo)
-group : The server group name
-keep_password : Y (keep given password), N (automatic) or S (keep server password as such - no verification) (optional, default: Y)
-enable_ssh : Y, N or H to enable/disable/via Host Node (optional, default: N)
-ishn : Y or N to make this a Host Node or not (optional, default: N)
-onhost : The name of Host Node (optional, default: N)
-cp : The control panel name (optional, use default if unspecified)
-dc : The datacenter name (optional, use default if unspecified)
-rc_host : The remote console host (optional)
-rc_user : The remote console user (optional)
-rc_pass : The remote console password (optional)
The below example shows how to add a Server in GUI with the remote ssh user as 'root'
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php add_server -api_url http://10.11.1.137/ezlogin -secret zjdfji@#$! -name test.noc.com -description desctest -ssh_user root -password test123 -ip_address 10.11.1.138 -group test -enable_ssh Y -keep_password S
Special characters password can be saved using API with single quotes.
eg: -password '??r&5Q*gyKc6nGAE()'
The example below shows how to add a server in GUI when the remote ssh user is non-privileged user 'admin'
How will I find the prompts for the ssh_user?
The easiest way to find the prompt1 is to ssh as the user directly into the server. The prompts may vary depending on the remote OS in use. For example, when the remote machine is Centos 5.6,7, the login prompts when a non-root user logs in are
[admin@skunk ~]$ cd /home
Here the unique string that remains permanent are "]$ ". Note that there are 3 characters including space.
For Ubuntu 14,16 ,18
admin@ubu-nscd:~$ cd /home
Here the unique string that remains permanent are the characters "cd:".
To find prompt2, simply run su - as a non root user.
[admin@skunk home]$ su -
Password:
The prompt 2 or the unique string that remains permanent would be "rd:"
The prompt 3 would be how the root prompt looks like
[root@skunk home]#
Above the unique characters that is permanent are "ot@sk" or "root@" etc.
2. Update Server
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php -help update_server
Usage:
ezwapi.php update_server -api_url <API URL> -secret <API secret> -name <hostname> [-newname <new hostname>] [-password <password>] [-ip_address <IP address>] [-ssh_port <port>] [-ssh_user <username>]
[-group <group>] [-keep_password <Y/N/S>] [-enable_ssh <Y/N>] [-cp <control panel>]
-api_url : The API URL
-secret : The API secret configured in web panel settings
-name : The server host name
-newname : The new host name (optional)
-description : A description for the server
-password : The server password (optional)
-ssh_key : The SSH private key file (optional)
-passphrase : The SSH key pass phrase (optional)
-ip_address : The server IP address (optional)
-ssh_port : The server SSH port (optional)
-ssh_user : The server SSH user (optional)
-switch_user : Switch to this user after login as SSH user (optional)
-switch_pass : Password for switch user (optional)
-switch_sudo : Y or N or E to escalate privilege with 'sudo su' or 'enable' (for Cisco devices) (optional, default: N = disabled)
-prompt1 : Unique string in shell prompt of SSH user (optional)
-prompt2 : Unique string in password prompt for su or sudo (optional)
-prompt3 : Unique string in shell prompt of root user (optional, required for sudo)
-rdp_port : The server RDP port (optional, use default if unspecified)
-group : The server group name
-keep_password : Y (keep given password), N (automatic) or S (keep server password as such - no verification) (optional)
-enable_ssh : Y, N or H to enable/disable/via Host Node (optional)
-ishn : Y or N to make this a Host Node or not (optional)
-onhost : The name of Host Node (optional)
-cp : The control panel name (optional)
-dc : The datacenter name (optional)
-rc_host : The remote console host (optional)
-rc_user : The remote console user (optional)
-rc_pass : The remote console password (optional)
Example - UPDATE SERVER
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php update_server -api_url http://10.11.1.137/ezlogin -secret zjdfji@#$! -name ez.test.com -description desctest -password test123 -ip_address 10.11.1.138 -group test -ssh_port 22 -rdp_port 3389
3. Delete Server
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php -help remove_server
Usage:
ezwapi.php remove_server -api_url <API URL> -secret <API secret> -name <hostname>
-api_url : The API URL
-secret : The API secret configured in web panel settings
-name : The server host name
Example - Delete Server
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php remove_server -api_url http://10.11.1.137/ezlogin -secret zjdfji@#$! -name ez.test.com
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php -help reset_fingerprint
Usage:
ezwapi.php reset_fingerprint -api_url <API URL> -secret <API secret> -name <hostname>
-api_url : The API URL
-secret : The API secret configured in web panel settings
-name : The server host name
Example - Reset fingerprint of remote devices
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php reset_fingerprint -api_url http://192.168.29.4/ezlogin -secret 123456 -name Cent-database.hu
5. User-server access control
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php -help add_user_server_acl
Usage:
ezwapi.php add_user_server_acl -api_url <API URL> -secret <API secret> -user <username> -server <hostname> [-defer]
-api_url : The API URL
-secret : The API secret configured in web panel settings
-user : The username
-server : The server host name
-defer : Defer the ACL addition if user doesn't already exist (optional)
Example:
root@jumpserver:~# php /usr/local/ezlogin/ezwapi.php add_user_server_acl -api_url http://192.168.1.9/ezlogin -secret zxcvbnm -user victor -server centos.server