phpIPAM
Introduction
phpIPAM - Open source IP address management.
phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features.
URLs:
- Home: https://phpipam.net/
- API: https://phpipam.net/api/api_documentation/
- Github: https://github.com/phpipam/
Installation
Requirements
- Apache2 webserver with php support or Nginx with php-fpm
- Mysql server (5.1+)
- PHP:
- version 5.3 supported to phpipam version 1.3.1
- version 5.4
- version 7.2 and higher supported from phpipam release 1.3.2
- PHP modules:
- pdo, pdo_mysql : Adds support for mysql connections
- session : Adds persistent session support
- sockets : Adds sockets support
- openssl : Adds openSSL support
- gmp : Adds support for dev-libs/gmp (GNU MP library) -> to calculate IPv6 networks
- ldap : Adds LDAP support (Lightweight Directory Access Protocol – for AD also)
- crypt : Add support for password encryption
- SimpleXML: Support for SimpleXML (optional, for RIPE queries and if required for API)
- json: Enable JSON support
- gettext: Enables translation
- filter : Adds filtering support
- pcntl : Add support for process creation functions (optional, required for scanning)
- cli : Enable CLI (optional, required for scanning and status checks)
- mbstring : Enable mbstring support
- php PEAR support
You can check which php modules are enabled by issuing php -m
in command line.
API Develop
Enable API and Create new API Key (code)
By default, the API is Disabled, go to Enable it first.
IPAM Web > Administration > Server management > phpIPAM settings > API: ON
IPAM Web > Administration > API > Create API Key
- App id: devappro (自定義 app 名稱,建議不同的 APP 使用不同的 app_id)
- App code: <系統自動產生一組密鑰>
- App permissions: Read (依實際需求選擇)
- App security: User token (如果連線協定不想用 HTTPS,這裡必須是 User token)
- Transaction locking: No
- Lock timeout: 0
- Nest custom fields: No
- Show links: No
NOTE:
如果 App security 是 User token,表示 API 連線協定使用不加密的 HTTP,這時系統會提示需要變更
config.php
的參數。$api_allow_unsafe = true;
API Test with curl
API 使用注意
- 第一次連線,需要先登入 IPAM 的帳號/密碼並取得一組 Token,預設有效期是 6 小時。
- 每次連線 API 時,必須在 header 內包含一組有效的 Token,才能通過認證;否則會顯示 Unauthorized。
- 先前建立的 API Key 與 第一項的 Token 兩個是不一樣的東西,用途也不同。基本上 API Client 開發只會用到 Token。
- Token 一旦超過有效期,有兩種做法可以繼續 API 連線。
- 延展已過期的 Token。
- 以帳密重新取得新的 Token。(注意: 原 Token 將會永久失效)
以帳號取得一組 token: /api/{app_id}/user/
TIP: 相同語法也能用在驗證特定帳密是否有效。
#> curl -X POST --user admin:thisispassword http://10.10.2.207/api/devappro/user/ -i
HTTP/1.1 200 OK
Date: Wed, 15 Jun 2022 05:40:01 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Set-Cookie: phpipam=ttm3cg1ctpq1vqn2lv1rht3kl1; expires=Thu, 16-Jun-2022 05:40:01 GMT; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 116
Content-Type: application/json; charset=utf-8
{"code":200,"success":true,"data":{"token":"7dMGzul08SsPMhDDOK-oZdBk","expires":"2022-06-15 19:40:01"},"time":0.009}
查詢 token 的有效期: /api/{app_id}/user/token_expires/
#> curl -X GET http://10.10.2.207/api/devappro/user/token_expires/ --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":{"expires":"2022-06-15 19:44:31"},"time":0.002}
延展 token 有效期: /api/{app_id}/user/
TIP: 每次延展會以 6 小時為限,多次延展也不會超過 6 小時
curl -X PATCH http://10.10.2.207/api/devappro/user/ --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":{"expires":"2022-06-15 21:11:37"},"time":0.004}
以 IP 搜尋資料庫: /api/{app_id}//addresses/search/{ip-address}/
# IP is existed.
curl -X GET http://10.10.2.207/api/devappro/addresses/search/10.10.1.8 --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":[{"id":"271","subnetId":"22","ip":"10.10.1.8","is_gateway":null,"description":"FAB A-VM Server-VM05","hostname":"TPECIMVM05","mac":null,"owner":null,"tag":"2","deviceId":null,"location":"3","port":null,"note":null,"lastSeen":"2022-06-15 13:30:01","excludePing":null,"PTRignore":null,"PTR":"0","firewallAddressObject":null,"editDate":"2022-06-15 13:30:10","customer_id":null}],"time":0.017}
# IP not found
curl -X GET http://10.10.2.207/api/devappro/addresses/search/10.10.1.7 --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":false,"message":"Address not found","time":0.007}
延伸閱讀
- Perl5 Interface: https://github.com/natxo/phpipam-API
- 11 Best IP Address Management Tools for Linux Network