Restore Avi config using API and csrftoken

Products

VMware Avi Load Balancer

Issue/Introduction

Restore the backed-up Avi config in 30.2.1 and later versions using API and CSRFToken

Environment

Avi Controller 30.2.1 and later

Cause

Restore the backed-up Avi config on Avi Controller.

Resolution

Prerequisites for Controller Configuration Restore

To successfully restore a configuration backup on the Avi controller, ensure the following conditions are met:

Matching IP Address: The backup must be restored to a controller that has the same IP address as the controller from which the backup was originally generated. If the IP addresses do not match, the Service Engines (SEs) will fail to connect to the controller.
Network Connectivity: The device you are using to execute the curl command must be able to reach the controller on port 443.
API Access: The restore command can be run either directly from the controller itself or from any API tool that has network access to the controller.

Steps:

1) Upload the upgrade and patch file to the controller using CLI.

2) Log in to Avi Controller CLI using the admin user and the Default Password.

Password: Default Password (Login to https://support.broadcom.com and download the Default_password.txt to get the default password for the controller)

Note: In case the controller is not in Factory Default status, use the admin password for the controller.

3) Upload the controller upgrade package and the avi_patch file (if the controller was patched when taking a backup)

  shell  
  upload image filename /path/to/<controller.pkg>
  upload image filename /path/to/<patch_file.pkg>

4) Validate the image upload

[admin:10-91-5-38]: > show image
+---------------------------------+--------------------------------------------+-------------------+---------------------+
| Name                            | UUID                                       | Type              | State               |
+---------------------------------+--------------------------------------------+-------------------+---------------------+
| 31.1.1-9122-20250127.143602     | image-2f3f35dd-06f0-443e-8dd0-2856d84778c4 | IMAGE_TYPE_SYSTEM | IMAGE_FSM_COMPLETED |
| 31.1.1-9007-2p3-20250523.113042 | image-5917a6f3-e6a7-4337-b303-0908088ed079 | IMAGE_TYPE_PATCH  | IMAGE_FSM_COMPLETED |
+---------------------------------+--------------------------------------------+-------------------+---------------------+

5) The customer can use the below curl command to get the CSRF token and session_id

curl -kv -X POST \
  https://<controller_ip>/login \
  -H 'Content-Type: multipart/form-data' \
  -F 'username=admin' \
  -F 'password=<password>'

6) Get the csrftoken, avi-sessionid, and session_id from the output of the above API call.

7) Run the below curl command to restore the config

curl -kv -X POST https://<controller_ip>/api/configuration/restore \
-H "x-csrftoken: <csrf_token>" \
-H "cookie: accesstoken=None; refreshtoken=None; csrftoken=<csrftoken>; avi-sessionid=<avi_session_id>; sessionid=<session_id>" \
-H "X-Avi-Version: <avi_version>" \
-H "Referer: https://<controller_ip>" \
-H "Content-Type: multipart/form-data" \
-F "passphrase=<passphrase>" \
-F "file=@</path/to/backup/file.json>" \
-F "skip_warnings=true"

Here <passphrase> is the passphrase used while creating the backup file.

Additional Information

The below KB outlines how to restore config using API and BASIC AUTH

https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-administration-guide/nsx-advanced-load-balancer-controller-operations/backup-and-restore-of-avi-vantage-configuration/restoring-the-avi-vantage-configuration.html