Barracuda Load Balancer- Powershell
Working on my Powershell skills, I was playing around with a Barracuda Load Balancer and noticed it supported some APIs which is kind of cool. At first I was playing around with it in postman and got to login and put some servers in maintenance mode, but then thought it would be really neat if I could get this working in Powershell, that way us humans can just run a script and even thinking in the “future” maybe have some automated process (a.k.a AI) handle this for us. ;) So in this post I’ll talk about the script I created and some of the small challenges I had with this overall it was kind of neat putting this together. TLDR: Here is the script if you don’t want to read:
# Barracuda Load Balancer Powershell Script
# Minimum version of Powershell is 6.0.4 – Can download stable releases @ https://github.com/PowerShell/PowerShell
# Puts servers in Maintenance, Disable or Enable status
# Put the URI API of the LB (example: "https://192.168.1.5/restapi/v2")
$uri = ""
# Put the group name, usually its "default" unless you have something different
$groupname = "default"
# Put the service name you would like to modify, you can find this in the LB going to BASIC->Services
$servicename = ""
# Put the server you would like to modify, you can find the names of the servers under BASIC->Services
# You can add additional servers to this list if you want to modify multiple servers at once, add additional variables
$realserver1 = ""
$realserver2 = ""
# What status would you change the servers in the LB to? Valid values are enable, disable, or maintenance. Values are lower-case sensitive
$status = "enable"
# Login into Barracuda you will get a prompt to login, currently only local accounts work for API.
$credential = Get-Credential –Message "Please type a username and password to login into the Barracuda LB"
$password = $credential.GetNetworkCredential().password
$username = $credential.GetNetworkCredential().username
# POST Request to Login into Barracuda
$authUrl_Body = @{
password = $password
username = $username
}
# Convert this request into JSON and call it $jsonurlbody
$jsonauth_Body = $authUrl_Body | ConvertTo-Json
#Grab the token to and keep note of it, and use to login into Barracuda from now on
$auth = Invoke-RestMethod –Uri "$uri/login" –ContentType "application/json" –Method POST –Body $jsonauth_Body –SkipCertificateCheck
$authtoken = $auth.token
# Barracuda only supports username only no password required when we have the token put this into a PSCredential to null the password
$lbcred = New-Object System.Management.Automation.PSCredential ("$authtoken", (new-object System.Security.SecureString))
# POST Request to put a server into Maintenance, Enable, or Disable
$statusURL_Body = @{
status = $status
}
# Convert this request into JSON and call it $jsonstatus_Body
$jsonstatus_Body = $statusURL_Body | ConvertTo-Json
# Put $realserver1 into $status "status"
Invoke-RestMethod –Uri "$uri/virtual_service_groups/$groupname/virtual_services/$servicename/servers/$realserver1" –Credential $lbcred –Authentication Basic –ContentType "application/json" –Method PUT –Body $jsonstatus_Body –SkipCertificateCheck | ConvertTo-Json
# Put $realserver2 into $status "status"
Invoke-RestMethod –Uri "$uri/virtual_service_groups/$groupname/virtual_services/$servicename/servers/$realserver2" –Credential $lbcred –Authentication Basic –ContentType "application/json" –Method PUT –Body $jsonstatus_Body –SkipCertificateCheck | ConvertTo-Json
# If you have additional servers copy the command above and replace it with a different variableThe first thing I was stuck on was the way Barracuda uses the API token, I was able to have to load balancer give me the token but Powershell also wanted a password with that API token. Barracuda only uses the username as the token to login. So I needed to configure Powershell to null the password when logging with the API token. A quick search on the web led me to create the $lbcred variable.
Another small gotcha was when using the default version of Powershell on Windows 10 I was having a problem with the login and really didn’t want to create a curl header or anything like that. I also wanted to keep the username and password out of the script. When you run the script it will ask you what the username and password is and use that while the script it running, I thought it would be easier. So when researching this, and I didn’t actually know this but there are different updated versions of Powershell which are available on GitHub and they work different operating systems besides Windows. So that’s pretty cool, and also tells you how much I pay attention to Powershell :).
When looking at the release notes for Powershell 6.0.4 they made some modifications to the Invoke-RestMethod command for -Authentication switch so I downloaded Powrshell 6.0.4 and then found it does not work with Powershell ISE. :(
Which is what I have been using and I now needed to download Visual Studio Code which is a free download and install the Powershell extenstion so that I could run it within that program. Again just goes to show you how much I know about this stuff. After all of that I was able to login into the load balancer using the token API!
The last command I just needed a json to tell the load balancer want I wanted to do with the servers, I could put them in maintenance, enable or disable status and if I had more than one server in the load balancer, I just copied the command again and used a different variable for each server. After that I was able to put servers in a different via Powershell!